Develop Reference

multiple orderer organizations

I have two organizations for ordering (type= Raft). one of them has two orderers and the second one has three orderers, in configtx.yaml there are Ordererorg1MSP and Ordererorg2MSP MSPs.
my configtx.taml:
Organizations:
- &Ordererorg1
Name: Ordererorg1MSP
ID: Ordererorg1MSP
MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg1MSP.admin')"
- &Orgorg1
Name: Orgorg1MSP
ID: Orgorg1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.peer', 'Orgorg1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Orgorg1MSP.admin')"
AnchorPeers:
- Host: peer1.org1.example.com
Port: 2050
- &Ordererorg2
Name: Ordererorg2MSP
ID: Ordererorg2MSP
MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg2MSP.admin')"
- &Orgorg2
Name: Orgorg2MSP
ID: Orgorg2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.peer', 'Orgorg2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Orgorg2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 2050
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- peer1.org1.orderer.example.com:7050
- peer1.org2.orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
EtcdRaft:
Consenters:
- Host: peer1.org1.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
- Host: peer1.org2.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orgorg1
- *Orgorg2
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *Ordererorg1
- *Ordererorg2
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Ordererorg1
- <<: *Ordererorg2
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
when I want to create channel, I face error and the DEBUG logs says:
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7b9 0xc0007edbe0 gate 1588594370452563334 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7ba 0xc0007edbe0 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7bb 0xc0007edbe0 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7bc 0xc0007edbe0 gate 1588594370452563334 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bd Signature set did not satisfy policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7be == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bf == Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers ==
2020-05-04 12:12:50.452 UTC [cauthdsl] deduplicate -> ERRO 7c0 Principal deserialization failure (MSP OrdererMSP is unknown) for identity 0
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c1 0xc0007fe250 gate 1588594370452661614 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c2 0xc0007fe250 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c3 0xc0007fe250 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c4 0xc0007fe250 gate 1588594370452661614 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c5 Signature set did not satisfy policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c6 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7c7 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Ordererorg1MSP/Readers Ordererorg2MSP/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c8 Signature set did not satisfy policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c9 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7ca Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Application/Readers Consortiums/Readers Orderer/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cb Signature set did not satisfy policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cc == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [orderer.common.msgprocessor] Apply -> DEBU 7cd SigFilter evaluation failed: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied, policyName: /Channel/Readers, ConsensusState: STATE_NORMAL
2020-05-04 12:12:50.452 UTC [common.deliver] deliverBlocks -> WARN 7ce [channel: greenwebgenesis] Client authorization revoked for deliver request from 10.0.1.36:33346: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
I guess in each fabric network, we can only have one ordering organization under the MSP of OrdererMSP. is it correct?
can someone please help me on this?

In the logs you are getting Principal deserialization failure (MSP OrdererMSP is unknown) but in configtx.yaml file, you aren't using OrdererMSP hence check the value of ORDERER_GENERAL_LOCALMSPID in docker file.

Mistake: you have removed orderer orgs from consortium
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
Mistake correction:
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
- *Ordererorg1
- *Ordererorg2
I have corrected policies also if you expectily mention peer and client then the issued certificate type also should be peer and clint so make it member and you are good to go.
Please find the corrected configtx.yaml
Organizations:
- &Ordererorg1
Name: Ordererorg1MSP
ID: Ordererorg1MSP
MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg1MSP.admin')"
- &Orgorg1
Name: Orgorg1MSP
ID: Orgorg1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg1MSP.member'"
Writers:
Type: Signature
Rule: "OR('Orgorg1MSP.member'"
Admins:
Type: Signature
Rule: "OR('Orgorg1MSP.admin')"
AnchorPeers:
- Host: peer1.org1.example.com
Port: 2050
- &Ordererorg2
Name: Ordererorg2MSP
ID: Ordererorg2MSP
MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg2MSP.admin')"
- &Orgorg2
Name: Orgorg2MSP
ID: Orgorg2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg2MSP.member'"
Writers:
Type: Signature
Rule: "OR('Orgorg2MSP.member'"
Admins:
Type: Signature
Rule: "OR('Orgorg2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 2050
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- peer1.org1.orderer.example.com:7050
- peer1.org2.orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
EtcdRaft:
Consenters:
- Host: peer1.org1.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
- Host: peer1.org2.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orgorg1
- *Orgorg2
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *Ordererorg1
- *Ordererorg2
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Ordererorg1
- <<: *Ordererorg2
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
- *Ordererorg1
- *Ordererorg2
I have written book: If you know more about mastering in Hyperledger fabric you can get from here:
- https://leanpub.com/masteringhyperledgerfabric
- https://amzn.to/2Yyl1aS

Getting "Rejecting deliver request for IP:port because of consenter" error with raft

I'm running a multi-org setup on cloud consists of 2 Orgs, 4 Peers(2 peers per Org) and 3 ordering nodes. All the peer nodes and the node orderer0 are running on DigitalOcean droplet. orderer2 and orderer3 nodes are running on AWS and GCP respectively. For ordering service I'm using Raft and orderer2 was selected as a Leader. For creating the channel, installing/instantiating/querying the chaincode, I'm executing a scripts.sh(present in byfn under scripts directory) on the peer. The script executed successfully i.e channel was created(using orderer0 node), joined by all the peers and installation/instantiation/query of chaincode executed successfully. But when I checked the orderer0 logs I found below errors.
2019-11-15 13:33:08.814 UTC [common.deliver] deliverBlocks -> WARN 04a [channel: mychannel] Rejecting deliver request for 139.59.7.201:59304 because of consenter error
2019-11-15 13:33:08.815 UTC [comm.grpc.server] 1 -> INFO 04b streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=139.59.7.201:59304 grpc.code=OK grpc.call_duration=201.373401ms
After a few seconds
2019-11-15 13:33:09.654 UTC [orderer.consensus.etcdraft] run -> INFO 058 raft.node: 1 elected leader 2 at term 2 channel=mychannel node=1
2019-11-15 13:33:09.657 UTC [orderer.consensus.etcdraft] serveRequest -> INFO 059 Raft leader changed: 0 -> 2 channel=mychannel node=1
2019-11-15 13:33:09.865 UTC [common.deliver] Handle -> WARN 05a Error reading from 139.59.7.201:59314: rpc error: code = Canceled desc = context canceled
docker-compose-orderer.yaml
version: '2'
networks:
byfn:
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:1.4.3
restart: always
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
- ORDERER_HOST=orderer.example.com
- ORDERER_GENERAL_LOGLEVEL=info
- FABRIC_LOGGING_SPEC=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_GENESISPROFILE=OrdererOrg
- CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
#- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
#- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_CHAINCODE_LOGGING_SHIM=DEBUG
- ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin#example.com/tls/ca.crt
- ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin#example.com/tls/client.crt
- ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin#example.com/tls/client.key
- GODEBUG=netdns=go
extra_hosts:
- "peer0.org1.example.com:139.59.13.3"
- "peer1.org1.example.com:139.59.13.119"
- "peer0.org2.example.com:139.59.7.201"
- "peer1.org2.example.com:139.59.24.225"
- "orderer2.example.com:3.14.67.48"
- "orderer3.example.com:34.69.118.13"
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/:/var/hyperledger/configs
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
#- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
networks:
- byfn
docker-compose-orderer2.yaml
version: '2'
networks:
byfn:
services:
orderer2.example.com:
container_name: orderer2.example.com
image: hyperledger/fabric-orderer:1.4.3
restart: always
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
- ORDERER_HOST=orderer2.example.com
- ORDERER_GENERAL_LOGLEVEL=info
- FABRIC_LOGGING_SPEC=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_GENESISPROFILE=OrdererOrg
- CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
#- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
#- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_CHAINCODE_LOGGING_SHIM=DEBUG
- ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin#example.com/tls/ca.crt
- ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin#example.com/tls/client.crt
- ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin#example.com/tls/client.key
- GODEBUG=netdns=go
extra_hosts:
- "peer0.org1.example.com:139.59.13.3"
- "peer1.org1.example.com:139.59.13.119"
- "peer0.org2.example.com:139.59.7.201"
- "peer1.org2.example.com:139.59.24.225"
- "orderer.example.com:139.59.1.164"
- "orderer2.example.com:3.14.67.48"
- "orderer3.example.com:34.69.118.13"
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/:/var/hyperledger/configs
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
#- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
networks:
- byfn
docker-compose-orderer3.yaml
version: '2'
networks:
byfn:
services:
orderer3.example.com:
container_name: orderer3.example.com
image: hyperledger/fabric-orderer:1.4.3
restart: always
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
- ORDERER_HOST=orderer3.example.com
- ORDERER_GENERAL_LOGLEVEL=info
- FABRIC_LOGGING_SPEC=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_GENESISPROFILE=OrdererOrg
- CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
#- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
#- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_CHAINCODE_LOGGING_SHIM=DEBUG
- ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin#example.com/tls/ca.crt
- ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin#example.com/tls/client.crt
- ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin#example.com/tls/client.key
- GODEBUG=netdns=go
extra_hosts:
- "peer0.org1.example.com:139.59.13.3"
- "peer1.org1.example.com:139.59.13.119"
- "peer0.org2.example.com:139.59.7.201"
- "peer1.org2.example.com:139.59.24.225"
- "orderer.example.com:139.59.1.164"
- "orderer2.example.com:3.14.67.48"
- "orderer3.example.com:34.69.118.13"
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/:/var/hyperledger/configs
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
#- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
networks:
- byfn
docker-compose-orderer.yaml
version: '2'
networks:
byfn:
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:1.4.3
restart: always
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
- ORDERER_HOST=orderer.example.com
- ORDERER_GENERAL_LOGLEVEL=info
- FABRIC_LOGGING_SPEC=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_GENESISPROFILE=OrdererOrg
- CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
#- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
#- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_CHAINCODE_LOGGING_SHIM=DEBUG
- ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin#example.com/tls/ca.crt
- ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin#example.com/tls/client.crt
- ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin#example.com/tls/client.key
- GODEBUG=netdns=go
extra_hosts:
- "peer0.org1.example.com:139.59.13.3"
- "peer1.org1.example.com:139.59.13.119"
- "peer0.org2.example.com:139.59.7.201"
- "peer1.org2.example.com:139.59.24.225"
- "orderer2.example.com:3.14.67.48"
- "orderer3.example.com:34.69.118.13"
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/:/var/hyperledger/configs
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
#- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
networks:
- byfn
orderer(orderer0) node logs
https://justpaste.it/49a1n
Orderer2 node logs ae huge hence sharing the link
https://justpaste.it/6ro0v
orderer3 logs
https://justpaste.it/5e4j8
peer0org1 logs
https://justpaste.it/33rm5
peer1org1 logs
https://justpaste.it/1s2uz
peer0org2 logs
https://justpaste.it/6emlk
peer1org2 logs
https://justpaste.it/53fna

Hyperledger Fabric's Idemix usage

I want to try the idemix feature introduced by Fabric 1.3 version. based on the repo. I did some changes in order to support idemix. But when I run java -cp blockchain-client.jar org.example.chaincode.invocation.InvokeChaincode
,btw, I omitted the step 5 for Register and enroll users, I came across
2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms` from peer container.
I set up a fabric network with minimal components. Two organizations, each has two peers and a CA. The demo is from repo. The demo's network with no idemix feature supported works well. When I add idemix section to configtx.yaml, regenerate crypto material, create a channel, etc. And the network finally is up. All containers are work well. But I interact with fab car chaincode using java-sdk, the above error info was thrown.
The following are from configtx.yaml file(just show key parts here):
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
- &Org1Idemix
Name: idemixMSP1
ID: idemixMSPID1
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org3.example.com
- &Org2Idemix
Name: idemixMSP2
ID: idemixMSPID2
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org4.example.com
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
#V1_2: false
#V1_1: false
Application: &ApplicationDefaults
Organizations:
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org1Idemix
- *Org2Idemix
Application:
<<: *ApplicationDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *ApplicationCapabilities
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org1Idemix
- *Org2Idemix
Capabilities:
<<: *ApplicationCapabilities
The code I add in InvokeChaincode.java before creating channel client as follows:
// org/example/chaincode/invocation.java
UserContext normalUserContext = new UserContext();
String name = "user"+System.currentTimeMillis();
normalUserContext.setName(name);
normalUserContext.setAffiliation(Config.ORG1);
normalUserContext.setMspId(Config.ORG3_IDEMIX_MSP);
String enrollmentSecret = caClient.registerUser(name, Config.ORG1);
normalUserContext = caClient.idemixEnrollUser(normalUserContext, enrollmentSecret,normalUserContext.getMspId());
FabricClient fabClient = new FabricClient(normalUserContext);
The configuration file added code:
// org/example/config/Config.java
public static final String ORG3 = "org3";
public static final String ORG3_IDEMIX_MSP = "idemixMSPID1";
And docker-composer.yaml file remains unchanged.
All the images used are 1.4.1
I expect the endorser peer able to verify tx proposal from client with idemix enabled. But now the peer side report 2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms
I don't know why. I guess that if a peer does not support idemix tx verification. Are there some switches not open on peers? Help. Any replies will be thankful.

How to fix "Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM" in HLF with Raft Cluster

I am trying to set up a Hyperledger Fabric network with the orderer as Raft (3 nodes in the cluster). I am using Kubernetes with Helm in Cloud.
Everything works fine when it is a single node Raft set up. However, for a multi-node setup, I am getting the following error.
[orderer.common.cluster] createReplicator -> PANI 3f4 Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM:
panic: Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM:
goroutine 15 [running]:
github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc0000f1ce0, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:229 +0x515
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc000140158, 0x4, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0xf6
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(0xc000140158, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159 +0x79
github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(0xc000140160, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1)
/opt/gopath/src/github.com/hyperledger/fabric/common/flogging/zap.go:74 +0x60
github.com/hyperledger/fabric/orderer/common/server.(*replicationInitiator).createReplicator(0xc0001c8ba0, 0xc0003ce340, 0xc00031a9a0, 0xb)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:60 +0x30c
github.com/hyperledger/fabric/orderer/common/server.(*replicationInitiator).ReplicateChains(0xc0001c8ba0, 0xc0003ce340, 0xc00031a000, 0x1, 0x1, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:117 +0x1ca
github.com/hyperledger/fabric/orderer/common/server.(*inactiveChainReplicator).replicateDisabledChains(0xc0003701e0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:224 +0x1f5
github.com/hyperledger/fabric/orderer/common/server.(*inactiveChainReplicator).run(0xc0003701e0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:202 +0x42
created by github.com/hyperledger/fabric/orderer/common/server.initializeEtcdraftConsenter
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:637 +0x3fc
Other configs as follows
configtx.yaml
MultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
Consenters:
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
Consenters:
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
Addresses:
- myorg-orderer-hlf-ord:7050
- myorg-orderer2-hlf-ord:7050
- myorg-orderer3-hlf-ord:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *myorg

I found the solution to this problem.
I had to fix two issues inorder to get this working.
I was missing a few environment variables for TLS in my helm setup for orderer.
ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE: "/var/hyperledger/tls/server/pair/tls.crt"
ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY: "/var/hyperledger/tls/server/pair/tls.key"
ORDERER_GENERAL_CLUSTER_ROOTCAS: "/var/hyperledger/tls/server/cert/cacert.pem"
Syntax error in configtx.yaml YAML config. I was repeating Consenters key multiple times.

failed to get discovery service: could not get chConfig cache reference: read configuration for channel peers failed

When trying to install and instantiate the chaincode I'm getting below error:
error coming on WSL(Windows subsystem for Linux)
Unable to install and instantiate the chaincode: failed to instantiate the chaincode: failed to get discovery service: could not get chConfig cache reference: read configuration for channel peers failed
error on Ubuntu 16.04
Unable to install and instantiate the chaincode: failed to instantiate the chaincode: failed to get discovery service: could not get chConfig cache reference: no channel peers configured for channel [mychannel]
I'm following the chainHero example. below is the complete output after running make command.
Build done
Start environment ...
Creating network "firstproject-network_default" with the default driver
Creating orderer.firstproject.com ... done
Creating ca.org1.firstproject.com ... done
Creating peer0.org1.firstproject.com ... done
Creating peer1.org1.firstproject.com ... done
Docker environment up
Start app and initializing skd with local network...
SDK created
Resource management client created
value of req is: {mychannel <nil> /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/artifacts/channel.tx [0xc0001d4fa0]}
Value of setup.Orderer is: orderer.firstproject.com
Channel created
Channel joined
Initialization Successful
ccPkg created
Chaincode installed
Unable to install and instantiate the chaincode: failed to instantiate the chaincode: failed to get discovery service: could not get chConfig cache reference: read configuration for channel peers failed
config.yaml
name: "firstproject-network"
version: 1.0.0
client:
organization: org1
logging:
level: info
peer:
timeout:
connection: 10s
response: 180s
discovery:
greylistExpiry: 10s
eventService:
timeout:
connection: 15s
registrationResponse: 15s
orderer:
timeout:
connection: 15s
response: 15s
cryptoconfig:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config
credentialStore:
path: /tmp/firstproject-store
cryptoStore:
path: /tmp/firstproject-msp
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
systemCertPool: false
client:
keyfile:
certfile:
channels:
OneOrgChannel:
peers:
peer0.org1.firstproject.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org1.firstproject.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig:
minResponses: 1
maxTargets: 1
retryOpts:
attempts: 5
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
# list of participating organizations in this network
organizations:
org1:
mspid: Org1MSP
cryptoPath: peerOrganizations/org1.firstproject.com/users/{userName}#org1.firstproject.com/msp
peers:
- peer0.org1.firstproject.com
- peer1.org1.firstproject.com
certificateAuthorities:
- ca.org1.firstproject.com
orderers:
orderer.firstproject.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.firstproject.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/ordererOrganizations/firstproject.com/tlsca/tlsca.firstproject.com-cert.pem
peers:
peer0.org1.firstproject.com:
# this URL is used to send endorsement and query requests
url: grpcs://localhost:7051
# eventUrl is only needed when using eventhub (default is delivery service)
eventUrl: grpcs://localhost:7053
grpcOptions:
ssl-target-name-override: peer0.org1.firstproject.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/peerOrganizations/org1.firstproject.com/tlsca/tlsca.org1.firstproject.com-cert.pem
peer1.org1.firstproject.com:
url: grpcs://localhost:8051
eventUrl: grpcs://localhost:8053
grpcOptions:
ssl-target-name-override: peer1.org1.firstproject.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/peerOrganizations/org1.firstproject.com/tlsca/tlsca.org1.firstproject.com-cert.pem
certificateAuthorities:
ca.org1.firstproject.com:
url: http://localhost:7054
httpOptions:
verify: false
registrar:
enrollId: admin
enrollSecret: adminpw
caName: ca.org1.firstproject.com
tlsCACerts:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/peerOrganizations/org1.firstproject.com/ca/ca.org1.firstproject.com-cert.pem
entityMatchers:
peer:
- pattern: (\w*)peer0.org1.firstproject.com(\w*)
urlSubstitutionExp: grpcs://localhost:7051
eventUrlSubstitutionExp: grpcs://localhost:7053
sslTargetOverrideUrlSubstitutionExp: peer0.org1.firstproject.com
mappedHost: peer0.org1.firstproject.com
- pattern: (\w*)peer1.org1.firstproject.com(\w*)
urlSubstitutionExp: grpcs://localhost:8051
eventUrlSubstitutionExp: grpcs://localhost:8053
sslTargetOverrideUrlSubstitutionExp: peer1.org1.firstproject.com
mappedHost: peer1.org1.firstproject.com
orderer:
- pattern: (\w+).firstproject.(\w+):(\d+)
urlSubstitutionExp: grpcs://localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.firstproject.com
mappedHost: orderer.firstproject.com
- pattern: (\w+).firstproject.(\w+)
urlSubstitutionExp: grpcs://localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.firstproject.com
mappedHost: orderer.firstproject.com
certificateAuthorities:
- pattern: (\w*)ca.org1.firstproject.com(\w*)
urlSubstitutionExp: http://localhost:7054
mappedHost: ca.org1.firstproject.com
docker-compose.yaml
version: '2'
networks:
default:
services:
orderer.firstproject.com:
container_name: orderer.firstproject.com
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ./crypto-config/ordererOrganizations/firstproject.com/orderers/orderer.firstproject.com/msp:/var/hyperledger/orderer/msp
- ./artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/firstproject.com/orderers/orderer.firstproject.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
ca.org1.firstapplication.com:
image: hyperledger/fabric-ca:latest
container_name: ca.org1.firstproject.com
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.firstproject.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.firstproject.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/78da3186373e52832b71dd83ec4d36ef84722a3e3ed15e8df214b482fe2723e7_sk
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.firstproject.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/78da3186373e52832b71dd83ec4d36ef84722a3e3ed15e8df214b482fe2723e7_sk
ports:
- 7054:7054
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.firstproject.com/ca/:/etc/hyperledger/fabric-ca-server-config
peer0.org1.firstproject.com:
container_name: peer0.org1.firstproject.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_NETWORKID=firstproject
- CORE_PEER_ID=peer0.org1.firstproject.com
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_PEER_ADDRESS=peer0.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_TLS_SERVERHOSTOVERRIDE=peer0.org1.firstproject.com
#- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.firstapplication.com:7051
volumes:
- ./var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer0.org1.firstproject.com/msp:/var/hyperledger/msp
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer0.org1.firstproject.com/tls:/var/hyperledger/tls
ports:
- 7051:7051
- 7053:7053
depends_on:
- orderer.firstproject.com
links:
- orderer.firstproject.com
networks:
default:
aliases:
- peer0.org1.firstproject.com
peer1.org1.firstproject.com:
container_name: peer1.org1.firstproject.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_NETWORKID=firstproject
- CORE_PEER_ID=peer1.org1.firstproject.com
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_PEER_ADDRESS=peer1.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_TLS_SERVERHOSTOVERRIDE=peer1.org1.firstproject.com
#- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.firstapplication.com:7051
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer1.org1.firstproject.com/msp:/var/hyperledger/msp
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer1.org1.firstproject.com/tls:/var/hyperledger/tls
ports:
- 8051:7051
- 8053:7053
depends_on:
- orderer.firstproject.com
links:
- orderer.firstproject.com
networks:
default:
aliases:
- peer1.org1.firstproject.com
peer-base.yaml
version: '2'
services:
peer-base:
image: hyperledger/fabric-peer:latest
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_ATTACHSTDOUT=true
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/var/hyperledger/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/var/hyperledger/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/var/hyperledger/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
orderer-base:
image: hyperledger/fabric-orderer:latest
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer

You're using the wrong channel name to instantiate the chaincode, in the config.yaml you have defined a channel OneOrgChannel with peer peer0, peer1. However, you seem to be using a channel mychannel to instantiate chaincode.
Either change the channel name to OneOrgChannelor add mychannel in the config.yaml.