Develop Reference

Hyperledger Fabric Multiple hosts fails endorsement : error sending: txid: exists

I'm working on Hyperledger Fabric v1.4.6 and node sdk v1.4.8 and trying to configure it on multiple hosts using Docker Swarm and Compose. My network consist of 2 channels, 3 org and a single raft Orderer. Anchor peers have been successfully updated on channels.
Host 1: channel1 has peer0org1 and peer0org2 + CA-org1 and CA-org2 a Cli and an Orderer
Host 2: channel2 has peer0org1 and peer0org3 + CA-org1 and CA-org3.
My endorsement policy is "AND ('Org1MSP.peer','Org2MSP.peer')" for channel1, for channel2 it is "AND ('Org1MSP.peer','Org3MSP.peer')"
I'm able to successfully build the network and invoke/query transactions via cli but the error starts
when I'm trying to invoke the chaincode via node sdk.
Node sdk error when trying to invoke using invoke.js
- warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G1:1 - endorsement failed - Error: failed
to execute transaction 3b8eb8fe01815c3dd03e1fb840f35a3092974de83694e83a0ec13e548682458d: error sending: txid: 3b8eb8fe01815c3dd03e1fb840f35a3092974de83694e83a0ec13e548682458d(channel1) exists
- error: [DiscoveryEndorsementHandler]: _endorse - endorsement failed::Error: Endorsement has failed
at DiscoveryEndorsementHandler._endorse (/home/ubuntu/utils/node_modules/fabric-network/node_modules/fabric-client/lib/impl/DiscoveryEndorsementHandler.js:185:19)
This error resolves when I use a single org endorsement policy "AND('Org1MSP.peer')".
Additionally, my gateway has discovery: { enabled: true, asLocalhost: true } });
org1 yaml file:
org1peer0:
image: hyperledger/fabric-peer:$IMAGE_TAG
environment:
# couchdb params
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#- CORE_LOGGING_LEVEL=INFO
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_VM_DOCKER_ATTACHSTDOUT=true
- CORE_CHAINCODE_STARTUPTIMEOUT=1200s
- CORE_CHAINCODE_EXECUTETIMEOUT=800s
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org1.example.com:/var/hyperledger/production
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.hostname == $WORKER1_HOSTNAME
ports:
- published: 7051
target: 7051
mode: host
Also, the node sdk app is running outside the docker network.

2 CA Listening on same port 7054

I have configured 2 CA for 2 Org (1 CA/1 Org). I have used Port- 7054:7054 for 1st CA and Port- 8054:8054 for 2nd CA.But when I do 'docker logs for 2nd CA container I am getting this- 2019/08/18 19:54:19 [INFO] Listening on http://0.0.0.0:7054 .Is in't it should be 8054 as I configured port 8054:8054 in docker-compose file for 2nd CA.? If yes, where I am doing wrong and where should I update?
My CA service in docker-compose file---
services:
ca0:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/9a834d764f3ec2ee602e073dc27a971add2052c84024efe3e5224fa5485053e9_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/9a834d764f3ec2ee602e073dc27a971add2052c84024efe3e5224fa5485053e9_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg1
networks:
- basic
ca1:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/557164d9dc484f634bc058938bac0c68fb56f60ab0359f369ececfe6c7199a53_sk
ports:
- "8054:8054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/557164d9dc484f634bc058938bac0c68fb56f60ab0359f369ececfe6c7199a53_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg2
networks:
- basic

#Subhra Sankha Bose #Nipun Tharuksha
We can change default values in every open source projects
You are missing one env variable to override the default port 7054
Add this to environment:
- FABRIC_CA_SERVER_PORT=8054
After adding the env see below my logs
2019/08/19 08:34:15 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
2019/08/19 08:34:15 [DEBUG] 1 CA instance(s) running on server
2019/08/19 08:34:15 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/08/19 08:34:15 [DEBUG] TLS is enabled
2019/08/19 08:34:15 [DEBUG] TLS Certificate: /etc/hyperledger/fabric-ca-server-config/ca.nbd-cert.pem, TLS Key: /etc/hyperledger/fabric-ca-server-config/8b3bb8a74b5901f03c8d0901233f5b0ea2b2800e4176dcada7ade4932df565e1_sk
2019/08/19 08:34:15 [DEBUG] Client authentication type requested: noclientcert
2019/08/19 08:34:15 [INFO] Listening on https://0.0.0.0:8054

Just configure your 2nd CA with Port- 8054:7054 because internally CA is configured to listen on port 7054 only so you just have to define external port for your CA(here 8054).

TLS Handshake Error while Creating Hyperledger Fabric Channel with Multiple Organisation Orderers

Scenario: I have two organisation with two peers in each organisation. Now, I want each organisation to provide an orderer node as well.
Below is my crypto-config.yaml file:
OrdererOrgs:
- Name: Orderer1
Domain: org1.xyz.com
Template:
Count: 1
- Name: Orderer2
Domain: org2.xyz.com
Template:
Count: 1
Below is my configtx.yaml file:
- &OrdererOrg1
Name: OrdererOrg01
ID: Orderer1MSP
MSPDir: crypto-config/ordererOrganizations/org1.xyz.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orderer1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Orderer1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Orderer1MSP.admin')"
- &OrdererOrg2
Name: OrdererOrg02
ID: Orderer2MSP
MSPDir: crypto-config/ordererOrganizations/org2.xyz.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orderer2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Orderer2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Orderer2MSP.admin')"
Below is my docker-compose-cli.yaml file:
services:
orderer.xyz.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.xyz.com
container_name: orderer.xyz.com
networks:
- byfn
orderer0.xyz.com:
extends:
file: base/docker-compose-base.yaml
service: orderer0.xyz.com
container_name: orderer0.xyz.com
networks:
- byfn
I try to create a channel with the following command:
peer channel create -o orderer.xyz.com:7050 -t 60s -c bay -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/org1.xyz.com/orderers/orderer0.org1.xyz.com/msp/tlscacerts/tlsca.org1.xyz.com-cert.pem
I get the following ERROR on Orderer container logs while creating a channel:
[core.comm] ServerHandshake -> ERRO 015 TLS handshake failed with
error remote error: tls: bad certificate {"server": "Orderer", "remote
address": "172.22.0.18:48594"}
So, is it possible that for organisations providing peers, provide an orderer node as well or a separate third organisation will be providing orderer nodes (as observed in tutorials)? And why am I getting this error?
Thanks for your time and let me know If you require any further information.

I'm finally able to find the actual reason behind this issue. The issue was with the service name of orderer containers in the docker-compose-cli.yaml file. Service name should be matched with the name specified in the crypto-config.yaml file following hostname.domain pattern.
So, I changed the orderer configurations in the docker-compose-cli.yaml file like below:
services:
orderer0.telco1.vodworks.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.vodworks.com
container_name: orderer.vodworks.com
networks:
- byfn
orderer0.telco2.vodworks.com:
extends:
file: base/docker-compose-base.yaml
service: orderer0.vodworks.com
container_name: orderer0.vodworks.com
networks:
- byfn
After this, I modified the peer channel commands in script.sh and utils.sh scripts by adding the correct name of orderers. After these couple of changes I was able to run my network successfully and verified this deployment by installing chaincodes as well.
Thanks to #arnaud-j-le-hors for the sample application which helped me out to figure out this issue.

I do not know how you defined the structure of organizations and peers in your network, but, by watching at the path you specify for the --cacert and the config files, it seems to me that telco1.vodworks.com is not specified being an orderer organization.
Overall I may ask, are you sure that the path for the --cacert is correct?

I'm not the expert here but I'm not sure why you are trying to connect to orderer.xyz.com? I've got one setup that looks like what you're trying to do and for that you should give a name to each of the ordering nodes you want to create by adding the following lines to your crypto-config file (for both orderers):
Specs:
- Hostname: orderer
And you should define two corresponding containers, one called orderer.org1.xyz.com and the other orderer.org2.xyz.com in your compose file.
You should then be able to create the channel by contacting orderer.org1.xyz.com.

in my case I got this error
[core.comm] ServerHandshake -> ERRO 025 TLS handshake failed with error remote error: tls: internal error {"server": "Orderer", "remote address": "190.22.189.42:40746"}
When I use a fabric sdk to connect to a Fabric Network that use TLS enabled.
To solve this you need ensure that the connection profile use the hostnameOverride propertie in Orderer section this an example
orderers:
orderer.example.com:
url: grpcs://localhost:7050
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
hostnameOverride: orderer.example.com
grpc-max-send-message-length: 15
grpc.keepalive_time_ms: 360000
grpc.keepalive_timeout_ms: 180000
Please check the next example to more information : https://github.com/hyperledger/fabric-sdk-java/blob/master/src/test/fixture/sdkintegration/network_configs/network-config-tls.yaml
Really I was working days in this error and finally I found the solution
To more information, fabric training, or develop blockchain solutions to the business and goverment based in Hyperledger Fabric in Chile and Latin America please visit www.blockchainempresarial.com

Error During up the first Network using CouchDB

while join the peer to the channel got the following error:-
Error: error getting endorser client for channel: endorser client failed to connect to peer0.org1.example.com:7051: failed to create new connection: context deadline exceeded
Note that:-
I have used CouchDb. write the following command:-
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml up -d

maybe you can do some validation against the docker-compose-couch.yaml and your old file, I asume that you replace it but the file is still there.
Validate that all the services are pointing to use CouchDB now, maybe the docker-compose-cli.yaml is pointing to the other DB type.
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer0.org1.example.com
- CORE_LOGGING_PEER=info
- CORE_CHAINCODE_LOGGING_LEVEL=info
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
# # the following setting starts chaincode containers on the same
# # bridge network as the peers
# # https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
# The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
# provide the credentials for ledger to connect to CouchDB. The username and password must
# match the username and password set for the associated CouchDB.
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
# command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/msp/peer
- ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
- ./config:/etc/hyperledger/configtx
extra_hosts:
- "peer1.org1.example.com:209.97.128.176"
depends_on:
- orderer.example.com
- couchdb
networks:
- basic
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=
- COUCHDB_PASSWORD=
ports:
- 5984:5984
networks:
- basic
In the example you have one peer service and the couchDB service, you can take it as example.
Also, I have a tutorial of how to setup a Hyperledger Fabric in mutiple hosts based in the Basic Network example of the Fabric Samples. Maybe you can take it as reference.
https://medium.com/1950labs/setup-hyperledger-fabric-in-multiple-physical-machines-d8f3710ed9b4
Regards!

What steps are necessary to add a new peer to an organization of hyperledger fabric?

I’m learning to build a network with Hyperlegder Fabric because I have developed a network with Hyperledger Composer and the next step is to build the production network. I have started to build the first-network sample and works. I have added Org3 with 2 peers to sample and it works.
And now I want to add more peers, for example peer2.org1.example.com so I have edited files in order to create the peer2 and it is created, but when the script.sh tries to join to channel, it launches an error:
Error: Error getting endorser client channel: PER:404 - Error trying to connect to local peer
Caused by: x509: certificate is valid for peer1.org1.example.com, peer1, not peer2.org1.example.com
So, What have I done incorrectly? Thank you

When you adding a new peer to the network you need to make sure to properly setup all related crypto material underlined for that new peer. First of all make sure to add information about new peer into crypto-config.yaml file and to use cryptogen tool to generate keys and certificates for new peer. Next you need to setup configuration before starting the peer to point to the relevant crypto material for example configuration for peer0 of org2:
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
where it's inherited from base/peer-base.yaml file:
services:
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
#- CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 9051:7051
- 9053:7053
to wrap it up, you need to make sure to config proper MSP ID and path to tls certificates. In your case your new peer simply tries to reuse crypto material of another peer.

You can achieve this by generating the crypto material (using cryptogen extends) for the new peer, spawning the new peer and made that peer to join the existing channel on the network to sync-up.
You can find the complete guide at
Extending Hyperledger Fabric Network: Adding a new peer