Error to update orderermsp in Hyperledger fabric - hyperledger-fabric

I am try to migrate kafka to raft and try to update channel configuration in which EnableNodeOUs is true when I sign the update file with orderermsp it give error
result err: sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
this are the command which i follow
# change work directories
mkdir maintenance_on_$CHANNEL_NAME && cd maintenance_on_$CHANNEL_NAME
# fetch current channel config
peer channel fetch config config_block.pb -o orderer0.dxb.com:7050 -c avanzachannel --tls --cafile $ORDERER_CA
# decode fetched channel config
configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json > config.json
# save old config, to calculate delta in the future
cp config.json config_mod.json
cat config.json | grep name
# set maintenance mode in configs
sed -i 's/NORMAL/MAINTENANCE/g' config_mod.json
# encode old config to protopuf
configtxlator proto_encode --input config.json --type common.Config --output config.pb
# encode new config to protopuf
configtxlator proto_encode --input config_mod.json --type common.Config --output modified_config.pb
# compute delta between configs
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output config_update.pb
# decode delta config
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate | jq . > config_update.json
# wrap delta config with a header
echo '{"payload":{"header":{"channel_header":{"channel_id":"avanzachannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_envelope.json
# encode wrapped config to protopuf
configtxlator proto_encode --input config_update_envelope.json --type common.Envelope --output config_update_in_envelope.pb
# sign channel update config
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/dxb.com/orderers/orderer0.dxb.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/dxb.com/users/Admin#dxb.com/msp
export CORE_PEER_LOCALMSPID=OrdererMSP
peer channel signconfigtx -f config_update_in_envelope.pb
# # export all needed env vars
# export CORE_PEER_LOCALMSPID="OrdererMSP"
# export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/dxb.com/orderers/orderer.dxb.com/tls/ca.crt
# export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/dxb.com/users/Admin#dxb.com/msp/
# export CORE_PEER_ADDRESS=peer0.org1.dxb.com:7051
# submit new channel config
peer channel update -f config_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.dxb.com:7050 --tls --cafile $ORDERER_CA


I think the problem is the same as this link.
The problem is that your orderer admin cert doesn't have a correct 'OU'.
You can follow the answer and try all steps again.

Related

Error Upgrading/Modifying Fabcar Chainicode

I wrote a script (see below) based on startFabric.sh to upgrade the fabcar chaincode. Basically, (1) I executed ./startFabric.sh, (2) modified the chaincode which is the fabcar.js file in the chaincodes folder, (3) ran my upgrade script (below), (4) cd javascript folder, (5) executed node query.js, and received error retrieving package and opening directory. What is wrong with my upgradeFabric.sh script?
#!/bin/bash
set -e
# don't rewrite paths for Windows Git Bash users
export MSYS_NO_PATHCONV=1
starttime=$(date +%s)
CC_SRC_LANGUAGE=${1:-"go"}
CC_SRC_LANGUAGE=`echo "$CC_SRC_LANGUAGE" | tr [:upper:] [:lower:]`
if [ "$CC_SRC_LANGUAGE" = "go" -o "$CC_SRC_LANGUAGE" = "golang" ]; then
CC_RUNTIME_LANGUAGE=golang
CC_SRC_PATH=github.com/chaincode/fabcar/go
elif [ "$CC_SRC_LANGUAGE" = "java" ]; then
CC_RUNTIME_LANGUAGE=java
CC_SRC_PATH=/opt/gopath/src/github.com/chaincode/fabcar/java
elif [ "$CC_SRC_LANGUAGE" = "javascript" ]; then
CC_RUNTIME_LANGUAGE=node # chaincode runtime language is node.js
CC_SRC_PATH=/opt/gopath/src/github.com/chaincode/fabcar/javascript
elif [ "$CC_SRC_LANGUAGE" = "typescript" ]; then
CC_RUNTIME_LANGUAGE=node # chaincode runtime language is node.js
CC_SRC_PATH=/opt/gopath/src/github.com/chaincode/fabcar/typescript
echo Compiling TypeScript code into JavaScript ...
pushd ../chaincode/fabcar/typescript
npm install
npm run build
popd
echo Finished compiling TypeScript code into JavaScript
else
echo The chaincode language ${CC_SRC_LANGUAGE} is not supported by this script
echo Supported chaincode languages are: go, javascript, and typescript
exit 1
fi
# clean the keystore
rm -rf ./hfc-key-store
CONFIG_ROOT=/opt/gopath/src/github.com/hyperledger/fabric/peer
ORG1_MSPCONFIGPATH=${CONFIG_ROOT}/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
ORG1_TLS_ROOTCERT_FILE=${CONFIG_ROOT}/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
ORG2_MSPCONFIGPATH=${CONFIG_ROOT}/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp
ORG2_TLS_ROOTCERT_FILE=${CONFIG_ROOT}/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
ORDERER_TLS_ROOTCERT_FILE=${CONFIG_ROOT}/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
set -x
echo "Installing smart contract on peer0.org1.example.com"
docker exec \
-e CORE_PEER_LOCALMSPID=Org1MSP \
-e CORE_PEER_ADDRESS=peer0.org1.example.com:7051 \
-e CORE_PEER_MSPCONFIGPATH=${ORG1_MSPCONFIGPATH} \
-e CORE_PEER_TLS_ROOTCERT_FILE=${ORG1_TLS_ROOTCERT_FILE} \
cli \
peer chaincode install \
-n fabcar \
-v 1.6 \
-p "$CC_SRC_PATH" \
-l "$CC_RUNTIME_LANGUAGE"
echo "Installing smart contract on peer0.org2.example.com"
docker exec \
-e CORE_PEER_LOCALMSPID=Org2MSP \
-e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 \
-e CORE_PEER_MSPCONFIGPATH=${ORG2_MSPCONFIGPATH} \
-e CORE_PEER_TLS_ROOTCERT_FILE=${ORG2_TLS_ROOTCERT_FILE} \
cli \
peer chaincode install \
-n fabcar \
-v 1.6 \
-p "$CC_SRC_PATH" \
-l "$CC_RUNTIME_LANGUAGE"
echo "(1/2) Upgrading smart contract on mychannel"
docker exec \
-e CORE_PEER_LOCALMSPID=Org1MSP \
-e CORE_PEER_MSPCONFIGPATH=${ORG1_MSPCONFIGPATH} \
cli \
peer chaincode upgrade \
-o orderer.example.com:7050 \
-C mychannel \
-n fabcar \
-l "$CC_RUNTIME_LANGUAGE" \
-v 1.6 \
-c '{"Args":[]}' \
-P "AND('Org1MSP.member','Org2MSP.member')" \
--tls \
--cafile ${ORDERER_TLS_ROOTCERT_FILE} \
--peerAddresses peer0.org1.example.com:7051 \
--tlsRootCertFiles ${ORG1_TLS_ROOTCERT_FILE}
echo "(2/2) Upgrading smart contract on mychannel"
docker exec \
-e CORE_PEER_LOCALMSPID=Org2MSP \
-e CORE_PEER_MSPCONFIGPATH=${ORG2_MSPCONFIGPATH} \
cli \
peer chaincode upgrade \
-o orderer.example.com:7050 \
-C mychannel \
-n fabcar \
-l "$CC_RUNTIME_LANGUAGE" \
-v 1.6 \
-c '{"Args":[]}' \
-P "AND('Org1MSP.member','Org2MSP.member')" \
--tls \
--cafile ${ORDERER_TLS_ROOTCERT_FILE} \
--peerAddresses peer0.org2.example.com:9051 \
--tlsRootCertFiles ${ORG2_TLS_ROOTCERT_FILE}
echo "Waiting for upgrade request to be committed ..."
sleep 10
echo "Submitting initLedger transaction to smart contract on mychannel"
echo "The transaction is sent to the two peers with the chaincode installed (peer0.org1.example.com and peer0.org2.example.com) so that chaincode is built before receiving the following requests"
docker exec \
-e CORE_PEER_LOCALMSPID=Org1MSP \
-e CORE_PEER_MSPCONFIGPATH=${ORG1_MSPCONFIGPATH} \
cli \
peer chaincode invoke \
-o orderer.example.com:7050 \
-C mychannel \
-n fabcar \
-c '{"function":"initLedger","Args":[]}' \
--waitForEvent \
--tls \
--cafile ${ORDERER_TLS_ROOTCERT_FILE} \
--peerAddresses peer0.org1.example.com:7051 \
--peerAddresses peer0.org2.example.com:9051 \
--tlsRootCertFiles ${ORG1_TLS_ROOTCERT_FILE} \
--tlsRootCertFiles ${ORG2_TLS_ROOTCERT_FILE}
set +x
cat <<EOF
Total setup execution time : $(($(date +%s) - starttime)) secs ...
EOF
And this is the error when executing node query.js...
allet path: /home/seans/go/src/fabric-samples/fabcar/javascript/wallet
2020-06-20T00:08:33.951Z - warn: [Query]: evaluate: Query ID "[object Object]" of peer "peer1.org1.example.com:8051" failed: message=cannot retrieve package for chaincode fabcar/1.6, error open /var/hyperledger/production/chaincodes/fabcar.1.6: no such file or directory, stack=Error: cannot retrieve package for chaincode fabcar/1.6, error open /var/hyperledger/production/chaincodes/fabcar.1.6: no such file or directory
at self._endorserClient.processProposal (/home/seans/node_modules/fabric-client/lib/Peer.js:144:36)
at Object.onReceiveStatus (/home/seans/node_modules/grpc/src/client_interceptors.js:1212:9)
at InterceptingListener._callNext (/home/seans/node_modules/grpc/src/client_interceptors.js:568:42)
at InterceptingListener.onReceiveStatus (/home/seans/node_modules/grpc/src/client_interceptors.js:618:8)
at callback (/home/seans/node_modules/grpc/src/client_interceptors.js:847:24), status=500, , url=grpcs://localhost:8051, name=peer1.org1.example.com:8051, grpc.max_receive_message_length=-1, grpc.max_send_message_length=-1, grpc.keepalive_time_ms=120000, grpc.http2.min_time_between_pings_ms=120000, grpc.keepalive_timeout_ms=20000, grpc.http2.max_pings_without_data=0, grpc.keepalive_permit_without_calls=1, name=peer1.org1.example.com:8051, grpc.ssl_target_name_override=peer1.org1.example.com, grpc.default_authority=peer1.org1.example.com, isProposalResponse=true
Failed to evaluate transaction: Error: cannot retrieve package for chaincode fabcar/1.6, error open /var/hyperledger/production/chaincodes/fabcar.1.6: no such file or directory

I would recommend a couple of things.
Check to see if you're using the 2.X release of Fabric (v2.1.1 is the latest stable version at the moment). It has the new lifecycle functionality which will make working with chaincode a lot easier. For instance, with the new lifecycle, installing and upgrading a chaincode follows the same process and commands, you use peer lifecycle chaincode install to install and/or upgrade a chaincode.
The overall flow to deploy chaincode becomes pretty straightforward (1) package the chaincode, (2) install it on your peers, (3) approve the chaincode definition for your organization, and (4) commit the definition to your channel.
You can use the test-network tutorial to get set up with 2.X, it takes you through the complete network and chaincode set up. Look at network.sh and deployCC.sh scripts from the tutorial for details on how to work with Chaincode.
Further Reading
The upgrade process with new lifecycle based chaincode mgmt.
Blog on deploying CC with Fabric 2.X based on the test-network.

Adding org to existing network fails with mismatched channel ID $CHANNEL_NAME != mychannel

Am trying to add an org to existing channle and following the steps from https://hyperledger-fabric.readthedocs.io/en/release-1.4/channel_update_tutorial.html,
but at the final step for channel update
" peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA"
It is failing with
"Error: Invalid channel create transaction : mismatched channel ID $CHANNEL_NAME != mychannel
"
does anyoe have idea about it.
I even check the CHANNEL_NAME vairable value and tried replacing $CHANNEL_NAME directly with mychannel as
" peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --tls --cafile $ORDERER_CA"
But same error

Found the reason,
The step to create envelope for "org3_update.json" and adding header fields to form "org3_update_in_envelope.json" has the issue
echo '{"payload":{"header":{"channel_header":{"channel_id":"$CHANNEL_NAME", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
here the "channel_id":"$CHANNEL_NAME" is not taken as environment variable and is actually consider as value , that's why "org3_update_in_envelope.json" file gets header "$CHANNEL_NAME" entry and not the actually channel name as mychannel

To fix it, add a single quotes around the variable like this:
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
reference this change.

hyperledger fabric multi host error with connection orderer

I am trying to connect multi host with hyperledger fabric 1.2.
I used docker swarm with virtualbox.
I executed this code with PC1.
docker swarm init
docker swarm join-token manager
docker network create --attachable --driver overlay byfn
and executed code like this to make it join PC1.
docker swarm join — token SWMTKN-1–3as8cvf3yxk8e7zj98954jhjza3w75mngmxh543llgpo0c8k7z-61zyibtaqjjimkqj8p6t9lwgu 172.16.0.153:2377
and executed each PC1 command in a separate terminal on PC1.
and executed each PC2 command in a separate terminal on PC2.
but, when I execute cli command, error occurred.
2018-08-07 01:53:32.659 UTC [grpc] Printf -> DEBU 040 grpc: addrConn.createTransport failed to connect to {0.0.0.0:7050 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 0.0.0.0:7050: connect: connection refused". Reconnecting...
2018-08-07 01:53:32.659 UTC [grpc] Printf -> DEBU 041 pickfirstBalancer: HandleSubConnStateChange: 0xc420460ad0, TRANSIENT_FAILURE
2018-08-07 01:53:34.326 UTC [grpc] Printf -> DEBU 042 pickfirstBalancer: HandleSubConnStateChange: 0xc420460ad0, CONNECTING
2018-08-07 01:53:34.328 UTC [grpc] Printf -> DEBU 043 grpc: addrConn.createTransport failed to connect to {0.0.0.0:7050 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 0.0.0.0:7050: connect: connection refused". Reconnecting...
2018-08-07 01:53:34.328 UTC [grpc] Printf -> DEBU 044 pickfirstBalancer: HandleSubConnStateChange: 0xc420460ad0, TRANSIENT_FAILURE
Error: failed to create deliver client: orderer client failed to connect to orderer.example.com:7050: failed to create new connection: context deadline exceeded
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
orderer error logs
2018-08-07 06:29:04.357 UTC [grpc] Println -> DEBU 0c6 grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xb2\\x01\\x00\\x00\\xae\\x03\\x03\\x04w\\xffLbc0\\x94\\xec\\x8cV\\xdfa\""
2018-08-07 06:29:05.340 UTC [grpc] Println -> DEBU 0c7 grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xb2\\x01\\x00\\x00\\xae\\x03\\x03\\xb6\\x8cU-\\xfa\\xd8&\\x8fp\\x16(:\\xa4\""
2018-08-07 06:29:07.053 UTC [grpc] Println -> DEBU 0c8 grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xb2\\x01\\x00\\x00\\xae\\x03\\x03\\xfe\\xcf\\xd1\\xea,7we\\xa3\\x10Γ\\x06\""
I refer to this site.
https://medium.com/#wahabjawed/hyperledger-fabric-on-multiple-hosts-a33b08ef24f
Network Topology
PC1
CA0
CA1
ORDERER
PEER0(ORG1)
PC2
PEER0(ORG2)
CLI
PC1
CA0
docker run --rm -it --network="byfn" --name ca_peerOrg1 \
-p 7054:7054 \
-e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=byfn \
-e FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server \
-e FABRIC_CA_SERVER_CA_NAME=ca-org1 \
-e FABRIC_CA_SERVER_TLS_ENABLED=true \
-e FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem \
-e FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/e723fd0eac7f338381b2bb7f74b417ae42ed28b3c47faaa119837f2405c337da_sk \
-v $PWD/crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config \
hyperledger/fabric-ca \
sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/e723fd0eac7f338381b2bb7f74b417ae42ed28b3c47faaa119837f2405c337da_sk -b admin:adminpw -d'
CA1
docker run --rm -it --network="byfn" --name ca_peerOrg2
-p 8054:7054
-e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=byfn
-e FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
-e FABRIC_CA_SERVER_CA_NAME=ca-org2
-e FABRIC_CA_SERVER_TLS_ENABLED=true
-e FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
-e FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/3d8b514fa72a496e6715413d4c2dec90c335c827c7049a8de0aa712435ce1f7f_sk
-v $PWD/crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
hyperledger/fabric-ca
sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/3d8b514fa72a496e6715413d4c2dec90c335c827c7049a8de0aa712435ce1f7f_sk -b admin:adminpw -d'
orderer
docker run --rm -it --network="byfn" --name orderer.example.com \
-p 7050:7050 \
-e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=byfn \
-e ORDERER_GENERAL_LOGLEVEL=DEBUG \
-e ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 \
-e ORDERER_GENERAL_LISTENPORT=7050 \
-e ORDERER_GENERAL_GENESISMETHOD=file \
-e ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block \
-e ORDERER_GENERAL_LOCALMSPID=OrdererMSP \
-e ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp \
-e ORDERER_GENERAL_TLS_ENABLED=false \
-e ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key \
-e ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt \
-e ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] \
-v $PWD/channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block \
-v $PWD/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/:/var/hyperledger/orderer/msp \
-v $PWD/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls \
-v orderer.example.com:/var/hyperledger/production/orderer \
-w /opt/gopath/src/github.com/hyperledger/fabric \
hyperledger/fabric-orderer \
orderer
peer0
docker run --rm -it --network="byfn" --name peer0.org1.example.com \
--link orderer.example.com:orderer.example.com \
-p 7051:7051 \
-p 7053:7053 \
-e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=byfn \
-e CORE_PEER_ID=peer0.org1.example.com \
-e CORE_PEER_ADDRESS=peer0.org1.example.com:7051 \
-e CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 \
-e CORE_PEER_LOCALMSPID=Org1MSP \
-e CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock \
-e CORE_LOGGING_LEVEL=DEBUG \
-e CORE_PEER_TLS_ENABLED=true \
-e CORE_PEER_GOSSIP_USELEADERELECTION=true \
-e CORE_PEER_GOSSIP_ORGLEADER=false \
-e CORE_PEER_PROFILE_ENABLED=true \
-e CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt \
-e CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key \
-e CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt \
-v /var/run/:/host/var/run/ \
-v $PWD/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp \
-v $PWD/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls \
-v peer0.org1.example.com:/var/hyperledger/production \
-w /opt/gopath/src/github.com/hyperledger/fabric/peer \
hyperledger/fabric-peer \
peer node start
PC2
peer0
docker run --rm -it --network="byfn" --name peer0.org2.example.com \
--link orderer.example.com:orderer.example.com \
-p 9051:7051 \
-p 9053:7053 \
-e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=byfn \
-e CORE_PEER_ID=peer0.org2.example.com \
-e CORE_PEER_ADDRESS=peer0.org2.example.com:7051 \
-e CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051 \
-e CORE_PEER_LOCALMSPID=Org2MSP \
-e CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock \
-e CORE_LOGGING_LEVEL=DEBUG \
-e CORE_PEER_TLS_ENABLED=true \
-e CORE_PEER_GOSSIP_USELEADERELECTION=true \
-e CORE_PEER_GOSSIP_ORGLEADER=false \
-e CORE_PEER_PROFILE_ENABLED=true \
-e CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt \
-e CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key \
-e CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt \
-v /var/run/:/host/var/run/ \
-v $PWD/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp \
-v $PWD/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls \
-v peer0.org2.example.com:/var/hyperledger/production \
-w /opt/gopath/src/github.com/hyperledger/fabric/peer \
hyperledger/fabric-peer \
peer node start
cli
docker run --rm -it --network="byfn" --name cli \
--link orderer.example.com:orderer.example.com \
--link peer0.org1.example.com:peer0.org1.example.com \
--link peer0.org2.example.com:peer0.org2.example.com \
-p 12051:7051 \
-p 12053:7053 \
-e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=byfn \
-e GOPATH=/opt/gopath \
-e CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock \
-e CORE_LOGGING_LEVEL=DEBUG \
-e CORE_PEER_ID=cli \
-e CORE_PEER_ADDRESS=peer0.org1.example.com:7051 \
-e CORE_PEER_LOCALMSPID=Org1MSP \
-e CORE_PEER_TLS_ENABLED=true \
-e CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt \
-e CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt \
-e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp \
-v /var/run/:/host/var/run/ \
-v $PWD/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ \
-v $PWD/scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ \
-v $PWD/channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts \
-v $HOME/fabric-samples/chaincode/:/opt/gopath/src/github.com/chaincode \
-w /opt/gopath/src/github.com/hyperledger/fabric/peer \
hyperledger/fabric-tools \
/bin/bash \
-c './scripts/script.sh'
script.sh
#!/bin/bash
echo
echo " ____ _____ _ ____ _____ "
echo "/ ___| |_ _| / \ | _ \ |_ _|"
echo "\___ \ | | / _ \ | |_) | | | "
echo " ___) | | | / ___ \ | _ < | | "
echo "|____/ |_| /_/ \_\ |_| \_\ |_| "
echo
echo "Build your first network (BYFN) end-to-end test"
echo
CHANNEL_NAME="$1"
DELAY="$2"
LANGUAGE="$3"
TIMEOUT="$4"
VERBOSE="$5"
: ${CHANNEL_NAME:="mychannel"}
: ${DELAY:="3"}
: ${LANGUAGE:="golang"}
: ${TIMEOUT:="10"}
: ${VERBOSE:="false"}
LANGUAGE=`echo "$LANGUAGE" | tr [:upper:] [:lower:]`
COUNTER=1
MAX_RETRY=5
CC_SRC_PATH="github.com/chaincode/chaincode_example02/go/"
if [ "$LANGUAGE" = "node" ]; then
CC_SRC_PATH="/opt/gopath/src/github.com/chaincode/chaincode_example02/node/"
fi
echo "Channel name : "$CHANNEL_NAME
# import utils
. scripts/utils.sh
createChannel() {
setGlobals 0 1
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then
set -x
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx >&log.txt
res=$?
set +x
else
set -x
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA >&log.txt
res=$?
set +x
fi
cat log.txt
verifyResult $res "Channel creation failed"
echo "===================== Channel '$CHANNEL_NAME' created ===================== "
echo
}
joinChannel () {
for org in 1 2; do
for peer in 0 1; do
joinChannelWithRetry $peer $org
echo "===================== peer${peer}.org${org} joined channel '$CHANNEL_NAME' ===================== "
sleep $DELAY
echo
done
done
}
## Create channel
echo "Creating channel..."
createChannel
## Join all the peers to the channel
echo "Having all peers join the channel..."
joinChannel
## Set the anchor peers for each org in the channel
echo "Updating anchor peers for org1..."
updateAnchorPeers 0 1
echo "Updating anchor peers for org2..."
updateAnchorPeers 0 2
## Install chaincode on peer0.org1 and peer0.org2
echo "Installing chaincode on peer0.org1..."
installChaincode 0 1
echo "Install chaincode on peer0.org2..."
installChaincode 0 2
# Instantiate chaincode on peer0.org2
#echo "Instantiating chaincode on peer0.org2..."
#instantiateChaincode 0 2
# Query chaincode on peer0.org1
#echo "Querying chaincode on peer0.org1..."
#chaincodeQuery 0 1 100
# Invoke chaincode on peer0.org1 and peer0.org2
#echo "Sending invoke transaction on peer0.org1 peer0.org2..."
#chaincodeInvoke 0 1 0 2
## Install chaincode on peer1.org2
#echo "Installing chaincode on peer1.org2..."
#installChaincode 1 2
# Query on chaincode on peer1.org2, check if the result is 90
#echo "Querying chaincode on peer1.org2..."
#chaincodeQuery 1 2 90
echo
echo "========= All GOOD, BYFN execution completed =========== "
echo
echo
echo " _____ _ _ ____ "
echo "| ____| | \ | | | _ \ "
echo "| _| | \| | | | | | "
echo "| |___ | |\ | | |_| | "
echo "|_____| |_| \_| |____/ "
echo
exit 0

I just resolved the same issue just deleting all docker images of fabric and the volumes too. And re installed with the fabric version 1.2.0-rc1curl -sSL http:// url /2ysbOFE | bash -s 1.2.0-rc1 url: bit dot ly I can't post that url
Edit: you can check if your docker containers have some capabilities troubles? with docker logs _container_name_
In container name you should put the container name of the dead container, you can check out with docker ps -a, the 'exit (n time) ago'.
If you have capabilities troubles please put capabilities like that capabilities there are in configtx.yaml

One of the problems could be that you have an old version of the cryptogen tool, if you are pointing to an old version of it, your crypto files must be all corruped, you should always point to your version downloaded with the examples.
Another solution can be disable the firewall in both PCs, be sure that they can see each other, and open the correspondant ports, also you should add a extra-hosts section to your docker compose files (check the link below, I talk about that in the blog)
If you had run lot of tests, clean all images and containers, that always help.
If nothing of that works, I wrote a tutorial based on the basic-network example and how to run it in multiple hosts, maybe you can take some information from there.
Setup Hyperledger Fabric in multiple physical machines
Please, feel free to ask, if you have doubts!

Build Your First Network example does not update balance after switching the endorsement policy from OR to AND

I am experimenting with changing the fabric chaincode endorsement policy from OR to AND. When the endorsement policy is OR, everything works fine and the balances are updated. After I have switched the endorsement policy to AND and recreate all containers, the balances are not updated anymore. In the peer0 org1 container, I see the following warnings and errors. Similar errors are found in peer0 org2 container too.
2018-02-15 20:08:11.778 UTC [vscc] Invoke -> WARN 8d4 Endorsement policy failure for transaction txid=2742f25b173374674c6f9796fe11d8ad37bc52fe332ffa420fa04a272b67d927, err: Failed to authenticate policy
2018-02-15 20:08:11.779 UTC [txvalidator] VSCCValidateTxForCC -> ERRO 8de VSCC check failed for transaction txid=2742f25b173374674c6f9796fe11d8ad37bc52fe332ffa420fa04a272b67d927, error VSCC error: policy evaluation failed, err Failed to authenticate policy
2018-02-15 20:08:11.779 UTC [txvalidator] validateTx -> ERRO 8e2 VSCCValidateTx for transaction txId = 2742f25b173374674c6f9796fe11d8ad37bc52fe332ffa420fa04a272b67d927 returned error VSCC error: policy evaluation failed, err Failed to authenticate policy
2018-02-15 20:08:11.780 UTC [valimpl] preprocessProtoBlock -> WARN 8ea Block [4] Transaction index [0] marked as invalid by committer. Reason code [10]
The only thing I have changed is the policy part of the peer chaincode instantiate command: -P "AND ('Org1MSP.member','Org2MSP.member')"
Are there other configurations or commands need to be changed? Thank You!
cd to the first-network directory and execute the following commands:
../../bin/cryptogen generate --config=./crypto-config.yaml
export FABRIC_CFG_PATH=$PWD
../../bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
export CHANNEL_NAME=mychannel && ../../bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
../../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
../../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org2MSP
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml up -d
Get into the cli container and execute the following commands:
docker exec -it cli bash
export CHANNEL_NAME=mychannel
echo $CHANNEL_NAME
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel join -b mychannel.block
CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt CHANNEL_NAME=mychannel peer channel join -b mychannel.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt CHANNEL_NAME=mychannel peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt CHANNEL_NAME=mychannel peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.member','Org2MSP.member')"
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}' #this shows 100 as expected
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}' #this shows 200 as expected
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}' #this still shows 100 and is not changed.
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}' #this still shows 200 and is not changed.

That makes sense, because the peer CLI (peer chaincode *, peer channel *, etc. etc.) binary can only collect an endorsement from a single peer.
When you define CORE_PEER_ADDRESS it basically tells the peer CLI, which peer it should contact.
An endorsment policy that has an AND, obviously needs more than 1 peer, so that's why the transactions fail...

How to upgrade a chaincode after modification?

I am new to hyperledger and is going through the example here . I am tried to play around the chaincode but is now stuck at the part where I am suppose to upgrade the chaincode
I have tried to execute the peer chaincode upgrade within the docker peer node:
peer chaincode upgrade -n tuna-app -p github.com/tuna-app
but end up with the error
Error getting (testchainid) orderer endpoint: Error endorsing GetConfigBlock: rpc error: code = Unknown desc = chaincode error (status: 500, message: "GetConfigBlock" request failed authorization check for channel [testchainid]: [Failed to get policy manager for channel [testchainid]])

You need to specify the channel name for which you'd like to upgrade the chaincode, also need to specify args and new version. Moreover you have to specify the ordering service endpoints so peer cli will be able to submit the upgrade transaction:
peer chaincode upgrade -n tuna-app -v 2.0 \
-c '{"Args":[""]}' \
-p github.com/tuna-app -C mychannel \
-o orderer:7051
You can find more here.

Here you have some basic script in bash:
#!/bin/bash
PRV_VERSION='v2';
VERSION='v3';
CONTAINER_IDS=$(docker ps -a | grep "mycc-$PRV_VERSION" | awk '{print $1}')
docker rm -f $CONTAINER_IDS
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/users/Admin#org1.example.com/msp" peer0.org1.example.com \
peer chaincode install \
-n mycc \
-v $VERSION \
-p /etc/hyperledger/chaincode \
-l node;
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/users/Admin#org1.example.com/msp" peer1.org1.example.com \
peer chaincode install \
-n mycc \
-v $VERSION \
-p /etc/hyperledger/chaincode \
-l node;
docker exec -e "CORE_PEER_LOCALMSPID=Org2MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/users/Admin#org2.example.com/msp" peer0.org2.example.com \
peer chaincode install \
-n mycc \
-v $VERSION \
-p /etc/hyperledger/chaincode \
-l node;
docker exec -e "CORE_PEER_LOCALMSPID=Org2MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/users/Admin#org2.example.com/msp" peer1.org2.example.com \
peer chaincode install \
-n mycc \
-v $VERSION \
-p /etc/hyperledger/chaincode \
-l node;
sleep 10;
ORDERER_CA=/etc/hyperledger/organizations/users/Admin#example.com/msp/tlscacerts/tlsca.example.com-cert.pem
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" \
-e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/users/Admin#org1.example.com/msp" \
peer0.org1.example.com \
peer chaincode upgrade \
-o orderer.example.com:7050 --tls --cafile $ORDERER_CA \
-C mychannel \
-n mycc \
-v $VERSION \
-c '{"Args":[""]}' \
-p /etc/hyperledger/chaincode
ORDERER_CA=/etc/hyperledger/organizations/users/Admin#example.com/msp/tlscacerts/tlsca.example.com-cert.pem
docker exec -e "CORE_PEER_LOCALMSPID=Org2MSP" \
-e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/users/Admin#org2.example.com/msp" \
peer0.org2.example.com \
peer chaincode upgrade \
-o orderer.example.com:7050 --tls --cafile $ORDERER_CA \
-C mychannel \
-n mycc \
-v $VERSION \
-c '{"Args":[""]}' \
-p /etc/hyperledger/chaincode
You need of course share some certs to your peer0.org1 and of course the chaincode itself (in js or go), here you have some docker-compose.yml part:
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
ports:
- 7051:7051
- 7053:7053
volumes:
- ./channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/crypto/peer
- ./channel/crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/peer/users
- ./channel/crypto-config/ordererOrganizations/example.com/users:/etc/hyperledger/organizations/users
- ./src/github.com/example_cc/node:/etc/hyperledger/chaincode
Then you can check the logs by:
docker logs dev-peer0.org1.example.com-mycc-v3 -f
I need to say, that upgrading chaincode in development take the same amount of time as just recreate whole blockchain (without pulling new images - this should be removed from ./runApp.sh script).

Resources