Hyperledger Fabric: "err: bad proposal response 500: access denied" when trying to join peer to channel

Built a network, added orderers to the channel here referenced as: channelname
The following folders are mounted on the container
# docker-compose.yaml
volumes:
  - "~/container-volumes/$docker_peer0/production:/var/hyperledger/production"
  - "~/organizations/peerOrganizations/$company/peers/$docker_peer0/msp:/etc/hyperledger/fabric/msp"
  - "~/organizations/peerOrganizations/$company/peers/$docker_peer0/tls:/etc/hyperledger/fabric/tls"
Trying to join a peer to a channel, but gives bad proposal response 500: access denied.
Build the channel configuration block with the following command:
./configtxgen -profile SampleAppChannelEtcdRaft -outputBlock genesis_block.pb -channelID channelname
Next joined the orderers to the channel using the following command with an identity enrolled with role admin
./osnadmin channel join --channel-id channelname --config-block ~/Downloads/bin/genesis_block.pb -o localhost:9440 --ca-file $OSN_TLS_CA_ROOT_CERT --client-cert $ADMIN_TLS_SIGN_CERT --client-key $ADMIN_TLS_PRIVATE_KEY
Next I copy the generated genesis_block.pb to a mounted folder on the container so it is reachable for the following command which we use to join the peer to the channel:
docker exec -it peer0 peer channel join -b /var/hyperledger/production/genesis_block.pb -o vm01:9440 --clientauth --cafile /etc/hyperledger/fabric/msp/tls/tls-ca-cert.pem --certfile /etc/hyperledger/fabric/msp/user/peer-admin/tls/cert.pem --keyfile /etc/hyperledger/fabric/msp/user/peer-admin/tls/key.pem
This results in the following error
[channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proposal failed (err: bad proposal response 500: access denied for [JoinChain][channelname]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [org1msp]: The identity does not contain OU [ADMIN], MSP: [org1msp]]])
The admin used for this command is peer-admin that was enrolled with the TLS-CA and the organizational CA. Also the config.yaml for OU's is present in peer-admin msp.
I also tried to set the CORE_PEER_MSPCONFIGPATH to the msp dir of peer-admin (peer0/msp/user/peer-admin/msp), but this results in a hard exit of the container on startup.
I can't seem to figure out where it goes wrong, has it something to do with the --cafile, --certfile or --keyfile that you have to set within the peer channel join command or something else?
Edit:
This is the config file.
$docker_peer1_service_name:
  image: hyperledger/fabric-peer:2.3
  container_name: $docker_peer1_container_name
  environment:
    - FABRIC_CFG_PATH=/etc/hyperledger/fabric
    - CORE_PEER_ID=$docker_peer1
    - CORE_PEER_NETWORKID=test
    - CORE_PEER_LISTENADDRESS=0.0.0.0:7081
    - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7082
    - CORE_PEER_CHAINCODEADDRESS=localhost:7082
    - CORE_PEER_ADDRESS=localhost:7081
    - CORE_PEER_MSPCONFIGPATH=msp
    - CORE_PEER_LOCALMSPID=$company
    - CORE_PEER_FILESYSTEMPATH=/var/hyperledger/production
    - CORE_PEER_GOSSIP_BOOTSTRAP=127.0.0.1:7091
    - CORE_PEER_GOSSIP_ENDPOINT=localhost:7081
    - CORE_PEER_GOSSIP_EXTERNALENDPOINT=localhost:7081
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
    - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/cert.pem
    - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/key.pem
    - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/tls-ca-cert.pem
    - CORE_PEER_TLS_CLIENTROOTCAS_FILES=tls/tls-ca-cert.pem
    - CORE_PEER_TLS_CLIENTCERT_FILE=/etc/hyperledger/fabric/tls/cert.pem
    - CORE_PEER_TLS_CLIENTKEY_FILE=/etc/hyperledger/fabric/tls/key.pem
    - CORE_PEER_LEDGER_STATE_STATEDATABASE=CouchDB
    - CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1-couchdb:5985
    - CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_USERNAME=$docker_peer1_couchdb_username
    - CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=$docker_peer1_couchdb_pass
    - CORE_PEER_LEDGER_SNAPSHOTS=var/hyperledger/production/snapshots
    #- CORE_PEER_OPERATIONS_LISTENADDRESS=127.0.0.1:9443
    #- CORE_PEER_OPERATIONS_TLS_ENABLED=true
    #- CORE_PEER_OPERATIONS_TLS_CERT_FILE=
    #- CORE_PEER_OPERATIONS_TLS_KEY_FILE=
    #- CORE_PEER_OPERATIONS_TLS_CLIENTAUTHREQUIRED=true
    - CORE_PEER_METRICS_PROVIDER=disabled
    #- CORE_PEER_METRICS_STATSD_ADDRESS=127.0.0.1:8125
    #- FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=127.0.0.1:9444
  ports:
    - "7081:7081"
    - "7082:7082"
    - "7091:7091"
  volumes:
    - "~/container-volumes/$docker_peer1/production:/var/hyperledger/production"
    - "~/organizations/peerOrganizations/$company/peers/$docker_peer1/msp:/etc/hyperledger/fabric/msp"
    - "~/organizations/peerOrganizations/$company/peers/$docker_peer1/tls:/etc/hyperledger/fabric/tls"

I believe you will need to set the MSPID to use when you are running the peer channel join ... command.
Try setting CORE_PEER_LOCALMSPID to org1msp

Related

How to add a new Orderer Organization to existing Hyperledger Fabric network

I am trying to add a new Orderer Organization to RAFT based existing ordering service. I am using the first-network from fabric-samples as the base network. While generating crypto-material, I have modified to generate crypto-material for 1 more orderer organization. The crypto-config.yaml looks like:
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    EnableNodeOUs: true
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
      - Hostname: orderer2
      - Hostname: orderer3
      - Hostname: orderer4
      - Hostname: orderer5
  - Name: Orderer1
    Domain: example1.com
    EnableNodeOUs: true
    Specs:
      - Hostname: orderer
      - Hostname: orderer2
      - Hostname: orderer3
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1
Also, the configtx.yaml for creating new Orderer organization's MSP in JSON format is given as:
Organizations:
  - &Orderer1Org
    # DefaultOrg defines the organization which is used in the sampleconfig
    # of the fabric.git development environment
    Name: Orderer1Org
    # ID to load the MSP definition as
    ID: Orderer1MSP
    MSPDir: ../crypto-config/ordererOrganizations/example1.com/msp
    # Policies defines the set of policies at this level of the config tree
    # For organization policies, their canonical path is usually
    # /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Orderer1MSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('Orderer1MSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('Orderer1MSP.admin')"
Then I boot up the network using byfn.sh. Now I use the cli container to modify the system channel configuration in the following steps:
First I add the organization's JSON to the Orderer group as follows and submit channel update:
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"Orderer1Org":.[1]}}}}}' config.json orderer1org.json > modified_config.json
Then I add organization's JSON to the Consortium group as follows and submit channel update:
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"SampleConsortium":{"groups": {"Orderer1MSP":.[1]}}}}}}}' config1.json orderer1org.json > modified_config1.json
Then I add organization's orderer1 TLS certificates to Consenters section and submit channel update:
cert=`base64 ../crypto/ordererOrganizations/example1.com/orderers/orderer.example1.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified_config1.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer.example1.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified_config2.json
Then I update the system channel configuration's Application group with new Orderer Org's JSON:
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Orderer1Org":.[1]}}}}}' config.json orderer1org.json > modified_config.json
Then I start one of the orderers in the new organization (orderer.example1.com) but the container is failing with following error:
2020-04-09 13:09:05.600 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> WARN 0e8 Received status:FORBIDDEN from orderer.example.com:7050: forbidden pulling the channel
2020-04-09 13:09:05.600 UTC [orderer.common.cluster.replication] func1 -> WARN 0e9 Received error of type 'forbidden pulling the channel' from {orderer.example.com:7050 [certs]}
The orderer.example.com logs throw this error:
2020-04-09 13:28:59.338 UTC [cauthdsl] deduplicate -> ERRO a3c Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-04-09 13:28:59.338 UTC [cauthdsl] deduplicate -> ERRO a3d Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-04-09 13:28:59.339 UTC [cauthdsl] deduplicate -> ERRO a3e Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-04-09 13:28:59.340 UTC [cauthdsl] deduplicate -> ERRO a3f Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-04-09 13:28:59.340 UTC [common.deliver] deliverBlocks -> WARN a40 [channel: byfn-sys-channel] Client authorization revoked for deliver request from 172.25.0.15:36196: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
2020-04-09 13:28:59.341 UTC [comm.grpc.server] 1 -> INFO a41 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.25.0.15:36196 grpc.peer_subject="CN=orderer.example1.com,L=San Francisco,ST=California,C=US" grpc.code=OK grpc.call_duration=4.992078ms
I was able to extend the first-network by adding a new Orderer Organization as follows:
1. Start the first-network through the byfn.sh script in the fabric-samples repo in the etcdraft mode.
2. I generated crypto-material like described in the crypto-config.yaml in the question above.
3. Use the configtxgen tool to print the new orderer organization's MSP into JSON format.
4. Mount or docker cp this JSON file to the running cli container.
5. Set the environment inside the cli container corresponding to existing ordering node. Import the latest system-channel configuration. Decode it to JSON format.
6. Edit the system channel configuration block's Orderer section to add the new orderer organization's MSP as follows:
    jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"Orderer1Org":.[1]}}}}}' config.json orderer1org.json > config1.json
7. Edit the system channel configuration block's Consortiums section to add the new orderer organization's MSP as follows:
    jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"SampleConsortium":{"groups": {"Orderer1MSP":.[1]}}}}}}}' config1.json orderer1org.json > config2.json
8. Edit the system channel configuration block's Consenters section to add the TLS credentials for the new orderer organization's orderer.example1.com node as follows:
    cert=`base64 ../crypto/ordererOrganizations/example1.com/orderers/orderer.example1.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
    cat config2.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer.example1.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified_config.json
9. Encode the block, find delta, create channel update transaction, encode it as protobuf envelope and submit the channel update transaction.
10. Fetch the latest system channel configuration block.
11. Start one of the orderers (the one who was added to consenters list previously) using this latest fetched system channel configuration block as its genesis.block file.
12. Perform docker exec into the cli container. Using the environment of an existing orderer node, fetch the latest system channel configuration.
13. Edit the system channel configuration block to add the new orderer's endpoint in the OrdererAddresses section as follows:
    cat config.json | jq '.channel_group.values.OrdererAddresses.value.addresses += ["orderer.example1.com:7050"] ' > modified_config.json
14. Encode the block, find delta, create channel update transaction, encode it as protobuf envelope and get the block signed by Orderer1Org admin to satisfy the mod_policy for /Channel/OrdererAddresses resource which is set to Admins policy. This implicit meta policy expects the signature of MAJORITY Admins at that level of update. So, as the number of orderer organizations are 2 now, we need both the organization's admins to sign this system channel update transaction. Set the environment corresponding to Orderer1Org admin and run the following command:
    peer channel signconfigtx -f ordorg_update_in_envelope.pb
15. Set the environment back to OrdererOrg admin and submit the channel update transaction. The peer channel update will automatically sign the transaction on behalf of OrdererOrg admin.
    peer channel update -f ordorg_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA
For updating any application channel, just replace the step 7 by updating the application channel configuration block's Application section to add the new orderer organization's MSP there.
Hope this helps!
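
The MAJORITY arithmetic from the signing step above, as an added example (not part of the original answer or of Fabric's code): it models one Admins sub-policy per orderer organization, the way the answer describes it, and reports which organization still has to run peer channel signconfigtx. The function names are assumptions; the failure text follows the log format quoted on this page.

```go
package main

import (
	"fmt"
	"sort"
)

// threshold returns how many of n sub-policies an ImplicitMeta rule requires.
func threshold(rule string, n int) (int, error) {
	switch rule {
	case "ANY":
		return 1, nil
	case "ALL":
		return n, nil
	case "MAJORITY":
		return n/2 + 1, nil
	}
	return 0, fmt.Errorf("unknown ImplicitMeta rule %q", rule)
}

// signedOrgs returns the set of listed orgs whose admin has signed. Repeated
// signatures and signatures from orgs outside the list do not count.
func signedOrgs(orgs, signers []string) map[string]bool {
	member := map[string]bool{}
	for _, o := range orgs {
		member[o] = true
	}
	signed := map[string]bool{}
	for _, s := range signers {
		if member[s] {
			signed[s] = true
		}
	}
	return signed
}

// evaluate checks the collected admin signatures against the rule and returns
// an error in the same wording as the orderer log when too few orgs signed.
func evaluate(rule string, orgs, signers []string) error {
	need, err := threshold(rule, len(orgs))
	if err != nil {
		return err
	}
	got := len(signedOrgs(orgs, signers))
	if got < need {
		return fmt.Errorf("implicit policy evaluation failed - %d sub-policies were satisfied, "+
			"but this policy requires %d of the 'Admins' sub-policies to be satisfied", got, need)
	}
	return nil
}

// missingSigners lists, sorted, the orgs whose admin has not signed yet.
func missingSigners(orgs, signers []string) []string {
	signed := signedOrgs(orgs, signers)
	var missing []string
	for _, o := range orgs {
		if !signed[o] {
			missing = append(missing, o)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Org names as used in the answer; after the update there are two orderer orgs.
	orgs := []string{"OrdererOrg", "Orderer1Org"}
	attempts := [][]string{
		{"OrdererOrg"},                // only the submitter signed
		{"OrdererOrg", "Orderer1Org"}, // after signconfigtx by Orderer1Org
	}
	for _, signers := range attempts {
		err := evaluate("MAJORITY", orgs, signers)
		fmt.Printf("signers=%v err=%v still missing=%v\n", signers, err, missingSigners(orgs, signers))
	}
}
```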
I followed above sequence of steps to add new Orderer Organization into existing network, but channel (i.e updating config change to orderer channel) update throw error like below,
2020-09-29 00:53:49.794 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'e2e-orderer-syschan': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/OrdererAddresses not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
I modified-json blocks by using below setup calls (tried mix/match combination of this below json change steps)
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 /hl-material/mk01-orderer/crypto-config/ordererOrganizations/${KL_DOMAIN}/orderers/orderer.mk01.${KL_DOMAIN}/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "raft0.mk01.'${KL_DOMAIN}'", "port": 32050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
My network setup based on HLF 2.2 LTS with 5 raft nodes under K8s cluster.
I have successful setup with multi channel, multiple peer organization on 2.2 LTS (know how to get this in dynamic way without bringdown any network). But now looking for scaling orderer organization into multiple cluster/orgs dynamically. Is any tip or update needed on above steps ? Thanks again
Mariya

Connection error when invoking a transaction on the peers

I am trying to execute a chaincode I have written with couchdb and java. I use the first-network example for creating the network and instantiate the code. The network is created and the chaincode got installed without any problem. Then I enter the container and execute the transactions. At first it worked fine but suddenly it started giving me this error and now I can’t find a solution. I don't know if it is related with couchdb connection or not.
Error: error getting endorser client for invoke: endorser client failed to
connect to peer0.org2.example.com:7051: failed to create new connection:
connection error: desc = "transport: error while dialing: dial tcp
172.24.0.9:7051: connect: connection refused"
The command I use to invoke the chaincode is the next one.
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["createCustomer","c1","tom"]}'
UPDATE:
Many have asked if the chaincode was installed on peers, I can confirm it is.
@Egoes, it means your port is not open for the peers, check the snippet ports section, your peer docker file should look like this.
peer0.org1.example.com:
  container_name: peer0.org1.example.com
  image: hyperledger/fabric-peer
  environment:
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    - CORE_PEER_ID=peer0.org1.example.com
    - FABRIC_LOGGING_SPEC=info
    - CORE_CHAINCODE_LOGGING_LEVEL=info
    - CORE_PEER_LOCALMSPID=Org1MSP
    - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
    - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
    # # the following setting starts chaincode containers on the same
    # # bridge network as the peers
    # # https://docs.docker.com/compose/networking/
    - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
    - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
    - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
    # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
    # provide the credentials for ledger to connect to CouchDB. The username and password must
    # match the username and password set for the associated CouchDB.
    - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
    - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric
  command: peer node start
  # command: peer node start --peer-chaincodedev=true
  ports:
    - 7051:7051
    - 7053:7053

hyperledger:Error: code = Unavailable desc = grpc: the connection is unavailable Usage: peer channel create [flags]

root@bq4_node1:/opt/fabric/bin# $FABRIC_ROOT/bin/peer channel create -o orderer.local:7050 -f $FABRIC_CFG_PATH/channel-artifacts/channel.tx -c mychannel -t 30 --tls true --cafile $ordererCa
Error: Error connecting due to rpc error: code = Unavailable desc = grpc: the connection is unavailable
Usage:
peer channel create [flags]
Although, not very clear what exactly you are trying to do, I would guess it's somehow related to the channel creation and joining a new peer to that channel.
First of all please take a look on Hyperledger Fabric documentation and tutorial on Writing Your First Application. There is also "Building Your First Network", also make sure you have followed Prerequisites.
You need to start with creating crypto material for your network entities: peer and ordering service, you can leverage cryptogen tool to receive root CA keys and signed certificates for peers and users. Here is the example of crypto-config.yaml, which will allow to generate orderer organization related crypto material as well as for two peers organizations:
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  Specs:
    - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    Template:
      Count: 2
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    Template:
      Count: 2
    Users:
      Count: 1
You can use cryptogen to generate results:
cryptogen generate --config=crypto-config.yaml --output=.
Next, you can use configtxgen to create configuration transaction which will allow to produce genesis block and create the channel, here an additional example. Command line command:
Generate genesis block for ordering service:
FABRIC_CFG_PATH=. configtxgen -profile TwoOrgsOrdererGenesis -outputBlock genesis.block
Generate config transaction to create new channel:
FABRIC_CFG_PATH=. configtxgen -profile TwoOrgsChannel -channelID mychannel -outputCreateChannelTx=mychannel.tx
Finally you can use peer cli command to create a new channel as you have tried in your question:
peer channel create -o orderer.local:7050 -f mychannel.tx -c mychannel -t 30 --tls true --cafile $ordererCa
Also please make sure that orderer.local is the host name of the available ordering service and also environmental variables for endorsing peers correctly configured and peer is running.

What steps are necessary to add a new peer to an organization of hyperledger fabric?

I’m learning to build a network with Hyperledger Fabric because I have developed a network with Hyperledger Composer and the next step is to build the production network. I have started to build the first-network sample and it works. I have added Org3 with 2 peers to the sample and it works.
And now I want to add more peers, for example peer2.org1.example.com so I have edited files in order to create the peer2 and it is created, but when the script.sh tries to join to channel, it launches an error:
Error: Error getting endorser client channel: PER:404 - Error trying to connect to local peer
Caused by: x509: certificate is valid for peer1.org1.example.com, peer1, not peer2.org1.example.com
So, What have I done incorrectly? Thank you
When you are adding a new peer to the network you need to make sure to properly set up all related crypto material for that new peer. First of all make sure to add information about the new peer into the crypto-config.yaml file and to use the cryptogen tool to generate keys and certificates for the new peer. Next you need to set up the configuration before starting the peer to point to the relevant crypto material, for example the configuration for peer0 of org2:
peer0.org2.example.com:
  container_name: peer0.org2.example.com
  extends:
    file: peer-base.yaml
    service: peer-base
  environment:
    - CORE_PEER_ID=peer0.org2.example.com
    - CORE_PEER_ADDRESS=peer0.org2.example.com:7051
    - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
    - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
where it's inherited from base/peer-base.yaml file:
services:
  peer-base:
    image: hyperledger/fabric-peer
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      #- CORE_LOGGING_LEVEL=ERROR
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 9051:7051
- 9053:7053
To wrap it up, you need to make sure to configure the proper MSP ID and path to the TLS certificates. In your case your new peer simply tries to reuse crypto material of another peer.
You can achieve this by generating the crypto material (using cryptogen extends) for the new peer, spawning the new peer and making that peer join the existing channel on the network to sync up.
You can find the complete guide at
Extending Hyperledger Fabric Network: Adding a new peer

hyperledger-fabric peer0 environment

I am very new to this subject and I have to go through a fabric-sample.
But at this point I have problem
Environment variables
# Environment variables for PEER0
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
But my docker-compose-base.yaml file has the following lines
environment:
  - CORE_PEER_ID=peer0.org1.example.com
  - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
  - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
  - CORE_PEER_LOCALMSPID=Org1MSP
When I run this command
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
I have this error message
INFO 004 MSP configuration file not found at [/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml]: [stat /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml: no such file or directory]
I am sure this error message is caused by the missing/different lines in my docker-compose-base.yaml
What could I do in this case?
Just put these lines in my file?
Or something has gone wrong at some point what I did not realize?
Please bear with me as I just have started.
Thank you
edit: I have this error message
Error: Got unexpected status: BAD_REQUEST
Usage:
peer channel create [flags]
That's not an error message, but an INFO one.
An MSP can be configured to have an OU by having that config file with the following fields in it:
OrganizationalUnitIdentifiers:
  - Certificate: "cacerts/cacert.pem"
    OrganizationalUnitIdentifier: "COP"
It's perfectly fine not to have this file and to see this INFO message.
