I have tried the tutorial from Hyperledger Fabric with the version 2.3, where they instantiate 2 peers (Org1 and Org2) and an orderer node (Orderer) and tried to move forward to instantiate each node on a different VM. The final goal is to multiply peer and orderer nodes with a raft consensus, with each node his own VM.
I have defined the following configtx.yaml.
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ../organizations/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member','OrdererMSP.orderer')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member','OrdererMSP.orderer')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- orderer0.example.com:7050
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0.example.com
Port: 7050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
AllOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
AllOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
On node Org1, after creating the crypto-material with cryptogen, I have created the genesis block and the application channel with configtxgen.
configtxgen -profile AllOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block -channelID mychannel
configtxgen -profile AllOrgsChannel -outputCreateChannelTx ./channel-artifacts/mychannel.tx -channelID mychannel
Next, I have shared this item to all nodes and started associated dockers. Next step is to create the channel, so on Org1 VM, I use the following command:
peer channel create -o <IP of the ordering node>:7050 --ordererTLSHostnameOverride orderer0.example.com -c mychannel -f ./channel-artifacts/mychannel.tx --outputBlock ./channel-artifacts/mychannel.block --tls –cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
I have got the following error on my shell:
2020-12-15 16:52:38.764 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: FORBIDDEN -- config update for existing channel did not pass initial checks: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
Investigated in the orderer logs gives me the following error:
[36m2020-12-15 16:52:38.780 UTC [cauthdsl] func2 -> DEBU 368 [0m 0xc000902e60 signed by 0 principal evaluation starts (used [false])
[36m2020-12-15 16:52:38.780 UTC [cauthdsl] func2 -> DEBU 369 [0m 0xc000902e60 processing identity 0 - &{Org1MSP 6ead373932c104ed8f9aa3da8431824fbe733b84eeee6d8b70a0f2ddca84a932}
[36m2020-12-15 16:52:38.782 UTC [cauthdsl] func2 -> DEBU 36a [0m 0xc000902e60 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected OrdererMSP, got Org1MSP)
[36m2020-12-15 16:52:38.782 UTC [cauthdsl] func2 -> DEBU 36b [0m 0xc000902e60 principal evaluation fails
[36m2020-12-15 16:52:38.782 UTC [cauthdsl] func1 -> DEBU 36c [0m 0xc000902e60 gate 1608051158780630929 evaluation fails
[36m2020-12-15 16:52:38.782 UTC [policies] EvaluateSignedData -> DEBU 36d [0m Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Writers
[36m2020-12-15 16:52:38.782 UTC [policies] EvaluateSignedData -> DEBU 36e [0m == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Writers
[36m2020-12-15 16:52:38.782 UTC [policies] func1 -> DEBU 36f [0m Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Writers ]
[36m2020-12-15 16:52:38.782 UTC [policies] EvaluateSignedData -> DEBU 370 [0m Signature set did not satisfy policy /Channel/Orderer/Writers
[36m2020-12-15 16:52:38.782 UTC [policies] EvaluateSignedData -> DEBU 371 [0m == Done Evaluating *policies.ImplicitMetaPolicy Policy /Channel/Orderer/Writers
[36m2020-12-15 16:52:38.782 UTC [policies] func1 -> DEBU 372 [0m Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Consortiums/Writers Orderer/Writers ]
[36m2020-12-15 16:52:38.782 UTC [policies] EvaluateSignedData -> DEBU 373 [0m Signature set did not satisfy policy /Channel/Writers
[36m2020-12-15 16:52:38.782 UTC [policies] EvaluateSignedData -> DEBU 374 [0m == Done Evaluating *policies.ImplicitMetaPolicy Policy /Channel/Writers
I assume that the orderer policy expects a channel creation demand from an orderer, but only a peer can make it. Maybe I have made a mistake in writing my policies. Please, could you help me to fix my platform?
EDIT: After yours comments, I complete:
Some of the variable environnement of Org1 are:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
The volume section of the orderer container's docker compose file is :
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/:/var/hyperledger/orderer/tls
- ../orgconfig/orderer.yaml:/etc/hyperledger/fabric/orderer.yaml
- orderer0.example.com:/var/hyperledger/production/orderer
And the Orderer config values associated to its MSP are:
General.LocalMSPDir = "/var/hyperledger/orderer/msp"
General.LocalMSPID = "OrdererMSP"
General.TLS.Enabled = true
General.TLS.PrivateKey = "/var/hyperledger/orderer/tls/server.key"
General.TLS.Certificate = "/var/hyperledger/orderer/tls/server.crt"
General.TLS.RootCAs = [/var/hyperledger/orderer/tls/ca.crt]
General.TLS.ClientAuthRequired = false
General.TLS.ClientRootCAs = []
According orderer's logs, the TLS handshake completed with no errors
The orderer logs might indicate that the certificate you have provided in the orderer's local MSP directory belongs to org1, rather than orderer org. To make sure, go in the orderer logs, and just before the lines you have provided, there must be some public certificates printed out on the logs. Copy them from the logs and throw them on a pem certificate decoder online to check which organization they belong to from the attributes of the certificate. If it is indeed the wrong certificate, make sure to include the right ones from the MSP directories for the orderer org that you have generated with cryptogen.
Related
I have two organizations for ordering (type= Raft). one of them has two orderers and the second one has three orderers, in configtx.yaml there are Ordererorg1MSP and Ordererorg2MSP MSPs.
my configtx.taml:
Organizations:
- &Ordererorg1
Name: Ordererorg1MSP
ID: Ordererorg1MSP
MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg1MSP.admin')"
- &Orgorg1
Name: Orgorg1MSP
ID: Orgorg1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.peer', 'Orgorg1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Orgorg1MSP.admin')"
AnchorPeers:
- Host: peer1.org1.example.com
Port: 2050
- &Ordererorg2
Name: Ordererorg2MSP
ID: Ordererorg2MSP
MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg2MSP.admin')"
- &Orgorg2
Name: Orgorg2MSP
ID: Orgorg2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.peer', 'Orgorg2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Orgorg2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 2050
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- peer1.org1.orderer.example.com:7050
- peer1.org2.orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
EtcdRaft:
Consenters:
- Host: peer1.org1.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
- Host: peer1.org2.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orgorg1
- *Orgorg2
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *Ordererorg1
- *Ordererorg2
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Ordererorg1
- <<: *Ordererorg2
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
when I want to create channel, I face error and the DEBUG logs says:
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7b9 0xc0007edbe0 gate 1588594370452563334 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7ba 0xc0007edbe0 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7bb 0xc0007edbe0 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7bc 0xc0007edbe0 gate 1588594370452563334 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bd Signature set did not satisfy policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7be == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bf == Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers ==
2020-05-04 12:12:50.452 UTC [cauthdsl] deduplicate -> ERRO 7c0 Principal deserialization failure (MSP OrdererMSP is unknown) for identity 0
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c1 0xc0007fe250 gate 1588594370452661614 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c2 0xc0007fe250 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c3 0xc0007fe250 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c4 0xc0007fe250 gate 1588594370452661614 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c5 Signature set did not satisfy policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c6 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7c7 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Ordererorg1MSP/Readers Ordererorg2MSP/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c8 Signature set did not satisfy policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c9 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7ca Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Application/Readers Consortiums/Readers Orderer/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cb Signature set did not satisfy policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cc == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [orderer.common.msgprocessor] Apply -> DEBU 7cd SigFilter evaluation failed: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied, policyName: /Channel/Readers, ConsensusState: STATE_NORMAL
2020-05-04 12:12:50.452 UTC [common.deliver] deliverBlocks -> WARN 7ce [channel: greenwebgenesis] Client authorization revoked for deliver request from 10.0.1.36:33346: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
I guess in each fabric network, we can only have one ordering organization under the MSP of OrdererMSP. is it correct?
can someone please help me on this?
In the logs you are getting Principal deserialization failure (MSP OrdererMSP is unknown) but in configtx.yaml file, you aren't using OrdererMSP hence check the value of ORDERER_GENERAL_LOCALMSPID in docker file.
Mistake: you have removed orderer orgs from consortium
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
Mistake correction:
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
- *Ordererorg1
- *Ordererorg2
I have corrected policies also if you expectily mention peer and client then the issued certificate type also should be peer and clint so make it member and you are good to go.
Please find the corrected configtx.yaml
Organizations:
- &Ordererorg1
Name: Ordererorg1MSP
ID: Ordererorg1MSP
MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg1MSP.admin')"
- &Orgorg1
Name: Orgorg1MSP
ID: Orgorg1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg1MSP.member'"
Writers:
Type: Signature
Rule: "OR('Orgorg1MSP.member'"
Admins:
Type: Signature
Rule: "OR('Orgorg1MSP.admin')"
AnchorPeers:
- Host: peer1.org1.example.com
Port: 2050
- &Ordererorg2
Name: Ordererorg2MSP
ID: Ordererorg2MSP
MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg2MSP.admin')"
- &Orgorg2
Name: Orgorg2MSP
ID: Orgorg2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg2MSP.member'"
Writers:
Type: Signature
Rule: "OR('Orgorg2MSP.member'"
Admins:
Type: Signature
Rule: "OR('Orgorg2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 2050
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- peer1.org1.orderer.example.com:7050
- peer1.org2.orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
EtcdRaft:
Consenters:
- Host: peer1.org1.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
- Host: peer1.org2.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orgorg1
- *Orgorg2
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *Ordererorg1
- *Ordererorg2
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Ordererorg1
- <<: *Ordererorg2
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
- *Ordererorg1
- *Ordererorg2
I have written book: If you know more about mastering in Hyperledger fabric you can get from here:
- https://leanpub.com/masteringhyperledgerfabric
- https://amzn.to/2Yyl1aS
I want to try the idemix feature introduced by Fabric 1.3 version. based on the repo. I did some changes in order to support idemix. But when I run java -cp blockchain-client.jar org.example.chaincode.invocation.InvokeChaincode
,btw, I omitted the step 5 for Register and enroll users, I came across
2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms` from peer container.
I set up a fabric network with minimal components. Two organizations, each has two peers and a CA. The demo is from repo. The demo's network with no idemix feature supported works well. When I add idemix section to configtx.yaml, regenerate crypto material, create a channel, etc. And the network finally is up. All containers are work well. But I interact with fab car chaincode using java-sdk, the above error info was thrown.
The following are from configtx.yaml file(just show key parts here):
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
- &Org1Idemix
Name: idemixMSP1
ID: idemixMSPID1
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org3.example.com
- &Org2Idemix
Name: idemixMSP2
ID: idemixMSPID2
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org4.example.com
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
#V1_2: false
#V1_1: false
Application: &ApplicationDefaults
Organizations:
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org1Idemix
- *Org2Idemix
Application:
<<: *ApplicationDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *ApplicationCapabilities
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org1Idemix
- *Org2Idemix
Capabilities:
<<: *ApplicationCapabilities
The code I add in InvokeChaincode.java before creating channel client as follows:
// org/example/chaincode/invocation.java
UserContext normalUserContext = new UserContext();
String name = "user"+System.currentTimeMillis();
normalUserContext.setName(name);
normalUserContext.setAffiliation(Config.ORG1);
normalUserContext.setMspId(Config.ORG3_IDEMIX_MSP);
String enrollmentSecret = caClient.registerUser(name, Config.ORG1);
normalUserContext = caClient.idemixEnrollUser(normalUserContext, enrollmentSecret,normalUserContext.getMspId());
FabricClient fabClient = new FabricClient(normalUserContext);
The configuration file added code:
// org/example/config/Config.java
public static final String ORG3 = "org3";
public static final String ORG3_IDEMIX_MSP = "idemixMSPID1";
And docker-composer.yaml file remains unchanged.
All the images used are 1.4.1
I expect the endorser peer able to verify tx proposal from client with idemix enabled. But now the peer side report 2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms
I don't know why. I guess that if a peer does not support idemix tx verification. Are there some switches not open on peers? Help. Any replies will be thankful.
I am running a custom Hyperledger Fabric network that follows this arquitecture:
org1
peer0 (anchor)
peer1
orderer0
org2
peer0 (anchor)
peer1
orderer0
org3
orderer0
Once deployed, everything seems to work correctly. But, if I create a channel and join it from each one of the peers, I get the following log warning in them. Even when it is a warning, I guess it means that is not working correctly.
2019-10-07 10:38:17.323 UTC [blocksProvider] DeliverBlocks -> WARN 044 [global] Got error &{NOT_FOUND}
No errors are shown on the CLI (when I join the channel) neither on the orderers, but there is some activity in these ones after the peers join the channel, so the change is detected. The channel name is global and includes all the organizations and peers.
This is the complete log (without gossip or grpc messages):
2019-10-07 10:38:10.875 UTC [endorser] callChaincode -> INFO 024 [][ae2945c0] Entry chaincode: name:"cscc"
2019-10-07 10:38:10.877 UTC [ledgermgmt] CreateLedger -> INFO 025 Creating ledger [global] with genesis block
2019-10-07 10:38:10.886 UTC [fsblkstorage] newBlockfileMgr -> INFO 026 Getting block information from block storage
2019-10-07 10:38:10.899 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 027 Created state database global_
2019-10-07 10:38:10.960 UTC [kvledger] CommitWithPvtData -> INFO 028 [global] Committed block [0] with 1 transaction(s) in 60ms (state_validation=0ms block_and_pvtdata_commit=7ms state_commit=52ms) commitHash=[]
2019-10-07 10:38:10.961 UTC [ledgermgmt] CreateLedger -> INFO 029 Created ledger [global] with genesis block
2019-10-07 10:38:10.997 UTC [sccapi] deploySysCC -> INFO 034 system chaincode lscc/global(github.com/hyperledger/fabric/core/scc/lscc) deployed
2019-10-07 10:38:10.998 UTC [cscc] Init -> INFO 035 Init CSCC
2019-10-07 10:38:10.998 UTC [sccapi] deploySysCC -> INFO 036 system chaincode cscc/global(github.com/hyperledger/fabric/core/scc/cscc) deployed
2019-10-07 10:38:10.998 UTC [qscc] Init -> INFO 037 Init QSCC
2019-10-07 10:38:10.998 UTC [sccapi] deploySysCC -> INFO 038 system chaincode qscc/global(github.com/hyperledger/fabric/core/scc/qscc) deployed
2019-10-07 10:38:10.998 UTC [sccapi] deploySysCC -> INFO 039 system chaincode (+lifecycle,github.com/hyperledger/fabric/core/chaincode/lifecycle) disabled
2019-10-07 10:38:10.998 UTC [endorser] callChaincode -> INFO 03a [][ae2945c0] Exit chaincode: name:"cscc" (123ms)
2019-10-07 10:38:17.002 UTC [blocksProvider] DeliverBlocks -> WARN 040 [global] Got error &{NOT_FOUND}
Is there a way I can get rid of the NOT_FOUND warning? I have not tried to follow and deploy chaincode but I am pretty sure it is not going to work.
Thank you for your help.
Update: This is my configtx.yaml file:
Capabilities:
Global: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
Organizations:
- &org1
Name: org1
ID: org1MSP
MSPDir: /data/orgs/org1/msp
AdminPrincipal: Role.ADMIN
Policies:
Readers:
Type: Signature
Rule: "OR('org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1
Port: 7051
- &org2
Name: org2
ID: org2MSP
MSPDir: /data/orgs/org2/msp
AdminPrincipal: Role.ADMIN
Policies:
Readers:
Type: Signature
Rule: "OR('org2MSP.member')"
Writers:
Type: Signature
Rule: "OR('org2MSP.member')"
Admins:
Type: Signature
Rule: "OR('org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2
Port: 7051
- &org3
Name: org3
ID: org3MSP
MSPDir: /data/orgs/org3/msp
AdminPrincipal: Role.ADMIN
Policies:
Readers:
Type: Signature
Rule: "OR('org3MSP.member')"
Writers:
Type: Signature
Rule: "OR('org3MSP.member')"
Admins:
Type: Signature
Rule: "OR('org3MSP.admin')"
Orderer: &OrdererDefaults
OrdererType: kafka
Addresses:
- orderer0.org1:7050
- orderer0.org2:7050
- orderer0.org3:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
MaxChannels: 0
Kafka:
Brokers:
- bootstrap.kafka:9092
Organizations:
- *org1
- *org2
- *org3
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Application: &ApplicationDefaults
ACLs: &ACLsDefault
lscc/ChaincodeExists: /Channel/Application/Readers
lscc/GetDeploymentSpec: /Channel/Application/Readers
lscc/GetChaincodeData: /Channel/Application/Readers
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
qscc/GetChainInfo: /Channel/Application/Readers
qscc/GetBlockByNumber: /Channel/Application/Readers
qscc/GetBlockByHash: /Channel/Application/Readers
qscc/GetTransactionByID: /Channel/Application/Readers
qscc/GetBlockByTxID: /Channel/Application/Readers
cscc/GetConfigBlock: /Channel/Application/Readers
cscc/GetConfigTree: /Channel/Application/Readers
cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
peer/Propose: /Channel/Application/Writers
peer/ChaincodeToChaincode: /Channel/Application/Readers
event/Block: /Channel/Application/Readers
event/FilteredBlock: /Channel/Application/Readers
Organizations:
Policies: &ApplicationDefaultPolicies
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Profiles:
OrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *org1
- *org2
- *org3
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
- *org3
Capabilities:
<<: *ApplicationCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *org1
- *org2
OrgsChannel:
Capabilities:
<<: *ChannelCapabilities
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
The error is because you are using genesis block to join channel instead when you create channel using file channel.tx a file would be generated named channel.block pass that in your peer channel join command
peer channel join -b channel.block
I'm running a fabric network based on the 2.0 snapshot, The orderer rejects the blocks with a forbidden error.
Any idea what is wrong in the configuration?
Organizations:
- &orderer
Name: orderer
ID: orderer
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: OR('orderer.member')
Writers:
Type: Signature
Rule: OR('orderer.member')
Admins:
Type: Signature
Rule: OR('orderer.admin')
- &partya
Name: partya
ID: partya
MSPDir: crypto-config/peerOrganizations/partya.example.com/msp
Policies:
Readers:
Type: Signature
Rule: OR('partya.admin', 'partya.peer', 'partya.client')
Writers:
Type: Signature
Rule: OR('partya.admin', 'partya.client')
Admins:
Type: Signature
Rule: OR('partya.admin')
AnchorPeers:
- Host: partya
Port: 7051
- &partyb
Name: partyb
ID: partyb
MSPDir: crypto-config/peerOrganizations/partyb.example.com/msp
Policies:
Readers:
Type: Signature
Rule: OR('partyb.admin', 'partyb.peer', 'partyb.client')
Writers:
Type: Signature
Rule: OR('partyb.admin', 'partyb.client')
Admins:
Type: Signature
Rule: OR('partyb.admin')
AnchorPeers:
- Host: partyb
Port: 7051
- &partyc
Name: partyc
ID: partyc
MSPDir: crypto-config/peerOrganizations/partyc.example.com/msp
Policies:
Readers:
Type: Signature
Rule: OR('partyc.admin', 'partyc.peer', 'partyc.client')
Writers:
Type: Signature
Rule: OR('partyc.admin', 'partyc.client')
Admins:
Type: Signature
Rule: OR('partyc.admin')
AnchorPeers:
- Host: partyc
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V1_1: true
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
Orderer: &OrdererDefaults
OrdererType: solo
Capabilities:
V1_1: true
Addresses:
- owneraorderer:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
BlockValidation:
Type: ImplicitMeta
Rule: ANY Writers
Organizations:
Application: &ApplicationDefaults
Capabilities:
V2_0: true
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
Organizations:
Profiles:
OwneraNetGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *orderer
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *partya
- *partyb
- *partyc
OwneraChannel:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *partya
- *partyb
- *partyc
I'm getting the following error when getting the network up:
owneraorderer | 2019-04-03 08:18:51.595 UTC [common.deliver] deliverBlocks -> WARN 10242 [channel: identities] Client authorization revoked for deliver request from 172.18.0.2:46308: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
partyc | 2019-04-03 08:18:51.597 UTC [blocksProvider] DeliverBlocks -> ERRO 2a1 [identities] Got error &{FORBIDDEN}
for me it was solved by creating config.yaml files like the example:
./crypto-config/peerOrganizations/org1.example.com/msp/config.yaml
./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/config.yaml
./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml
./crypto-config/peerOrganizations/org2.example.com/msp/config.yaml
./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml
./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/config.yaml
I'm trying to start an Hyperledger Fabric network in v1.2 with a network generated by myself (with binary configtxgen). The network starts correctly and no component indicates an error.
However, when I try to create a new channel, an error occurs at the orderer level (one of the following three errors) and no channel is created.
Orderer Server Status Code: (400) BAD_REQUEST. Description: error authorizing update: error validating ReadSet: existing config does not contain element for [Group] /Channel/Application/Org1MSP but was in the read set
or
Orderer Server Status Code: (400) BAD_REQUEST. Description: error authorizing update: error validating ReadSet: existing config does not contain element for [Group] /Channel/Application but was in the read set
or
Orderer Server Status Code: (400) BAD_REQUEST. Description: error authorizing update: error validating ReadSet: existing config does not contain element for [Value] /Channel/Consortium but was in the read set
To create the channel, I use the Go SDK on the master branch and follow the same procedure as for functional tests.
Any help would be greatly appreciated.
Detailed orderer logs
2018-07-30 07:54:34.988 UTC [cauthdsl] func2 -> DEBU 0c0 0xc42017c0b8 principal evaluation succeeds for identity 0
2018-07-30 07:54:34.988 UTC [cauthdsl] func1 -> DEBU 0c1 0xc42017c0b8 gate 1532937274988361380 evaluation succeeds
2018-07-30 07:54:34.988 UTC [policies] Evaluate -> DEBU 0c2 Signature set satisfies policy /Channel/Orderer/OrdererMSP/Writers
2018-07-30 07:54:34.988 UTC [policies] Evaluate -> DEBU 0c3 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererMSP/Writers
2018-07-30 07:54:34.988 UTC [policies] Evaluate -> DEBU 0c4 Signature set satisfies policy /Channel/Orderer/Writers
2018-07-30 07:54:34.988 UTC [policies] Evaluate -> DEBU 0c5 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers
2018-07-30 07:54:34.988 UTC [policies] Evaluate -> DEBU 0c6 Signature set satisfies policy /Channel/Writers
2018-07-30 07:54:34.988 UTC [policies] Evaluate -> DEBU 0c7 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
2018-07-30 07:54:34.989 UTC [common/configtx] addToMap -> DEBU 0c8 Adding to config map: [Group] /Channel
2018-07-30 07:54:34.989 UTC [common/configtx] addToMap -> DEBU 0c9 Adding to config map: [Group] /Channel/Application
2018-07-30 07:54:34.989 UTC [common/configtx] addToMap -> DEBU 0ca Adding to config map: [Group] /Channel/Application/Org1MSP
2018-07-30 07:54:34.989 UTC [common/configtx] addToMap -> DEBU 0cb Adding to config map: [Value] /Channel/Consortium
2018-07-30 07:54:34.989 UTC [orderer/common/broadcast] Handle -> WARN 0cc [channel: chainhero] Rejecting broadcast of config message from 172.18.0.1:35764 because of error: error authorizing update: error validating ReadSet: existing config does not contain element for [Group] /Channel/Application but was in the read set
2018-07-30 07:54:34.989 UTC [orderer/common/server] func1 -> DEBU 0cd Closing Broadcast stream
There is no previous warning or error.
configtx.yaml
---
Organizations:
- &OrdererOrg
Name: OrdererMSP
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/hf.chainhero.io/msp
Policies: &OrdererOrgPolicies
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.hf.chainhero.io/msp
Policies: &Org1Policies
Readers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.hf.chainhero.io
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
V1_1: false
Application: &ApplicationDefaults
ACLs: &ACLsDefault
lscc/ChaincodeExists: /Channel/Application/Readers
lscc/GetDeploymentSpec: /Channel/Application/Readers
lscc/GetChaincodeData: /Channel/Application/Readers
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
qscc/GetChainInfo: /Channel/Application/Readers
qscc/GetBlockByNumber: /Channel/Application/Readers
qscc/GetBlockByHash: /Channel/Application/Readers
qscc/GetTransactionByID: /Channel/Application/Readers
qscc/GetBlockByTxID: /Channel/Application/Readers
cscc/GetConfigBlock: /Channel/Application/Readers
cscc/GetConfigTree: /Channel/Application/Readers
cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
peer/Propose: /Channel/Application/Writers
peer/ChaincodeToChaincode: /Channel/Application/Readers
event/Block: /Channel/Application/Readers
event/FilteredBlock: /Channel/Application/Readers
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Org1MemberPolicy:
Type: Signature
Rule: "OR('Org1MSP.member')"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.hf.chainhero.io:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
MaxChannels: 0
Kafka:
Brokers:
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- <<: *OrdererOrg
Policies:
<<: *OrdererOrgPolicies
Admins:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Consortiums:
SampleConsortium:
Organizations:
- <<: *Org1
Policies:
<<: *Org1Policies
Admins:
Type: Signature
Rule: "OR('Org1MSP.member')"
Channel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
I got the solution from JSKIM. Since you are using the fabric v1.2, the orderer will create a default channel when the orderer node started up with the genesis block.
I guess you are using configtxgen to generate your own channel artifacts but ignore the naming rules of the channel. So when your exec into your orderer's container:
docker exec -it <orderer's container ID> bash
and cd into the chains directory, which is set to /var/hyperledger/production/orderer/chains by default. You will notice that there is already a channel exits.
Here is the solution:
configtxgen -profile testOrgsOrdererGenesis -channelID testchannel -outputBlock ./crypto-config/ordererOrganizations/orderer.block
configtxgen -profile testorgschannel -channelID mychannel-outputCreateChannelTx ./crypto-config/ordererOrganizations/mychannel.tx
when you generate the genesis block, using channelID to specific it. Or you can rename your channel when your create channel configuration transaction.
I finally managed to pass this error by changing the name of the generated channel. However, this does not explain why some names do not work.