Setting a subset of orderers for RAFT application channel - hyperledger-fabric

I am trying to create an application channel using first-network from fabric-samples.
I am creating the deployment to run 4 ordering nodes running in RAFT cluster. The following is the profile section used for creating Orderer Genesis Block in the configtx.yaml file.
SampleMultiNodeEtcdRaft
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 10050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:8050
- orderer3.example.com:9050
- orderer4.example.com:10050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
Now I want to create an application channel which will only have 3 ordering nodes (out of the given 4): orderer, orderer2, orderer3. So I set the profile section for application channel as follows (in the configtx.yaml file):
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:8050
- orderer3.example.com:9050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
I am using the default byfn.sh script to bring up the network.
But still when I try to fetch the application channel configuration block from the cli container using orderer4 envrionment, I am successfully able to do it and on decoding it to JSON file, I can see that all 4 orderers are part of the application channel's consenters section as well as every orderer's address is present in the orderer addresses section.
So, why is the application channel not starting with only first 3 orderers despite giving only those as the consenters?

The channel creation command must have -channelCreateTxBaseProfile argument in it and the value for the argument would be the orderer genesis profile name (here SampleMultiNodeEtcdRaft).
Also, the identity trying to execute the peer channel create command must satisfy the following ACL: /Channel/Orderer/ConsensusType (which is by default set to the following policy: /Channel/Application/Admins).

Related

Hyperledger fabric customising orderers for channel

I have existing hyperledger fabric setup with 2 organisations, 5 orderers and 1 channel, I want to create a new channel and want to make only 3 orderers (out of 5) as part of the new channel, for that I have mentioned the orderer details on channel profile section as follow:
NewChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer3.example.com
Port: 13050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 14050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 15050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer3.example.com:13050
- orderer4.example.com:14050
- orderer5.example.com:15050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
I have created channel transaction file without any issue by using -channelCreateTxBaseProfile argument but while creating the channel I'm getting following error:
Error: got unexpected status: BAD_REQUEST -- error validating channel
creation transaction for new channel 'channel11', could not
successfully apply update to template configuration: error authorizing
update: error validating DeltaSet: policy for [Value]
/Channel/OrdererAddresses not satisfied: implicit policy evaluation
failed - 0 sub-policies were satisfied, but this policy requires 1 of
the 'Admins' sub-policies to be satisfied
I'm not able to identify the exact issue with policy, can any one advise about the issue and how to resolve it.
try to use orderer admin msp instead of peer admin msp
when you update channel config ,set env like these :
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PROJECT_PATH}/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PROJECT_PATH}/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051

In hyperledger fabric 2.0, Is it possible to create and deploy the chaincode in two different channels, each containing different organizations?

I have been trying to create two channels, and isolate two organizations; however, when I will deploy the Chaincode in each, it is required to be endorsed by the organization contained in the other channel.
Obviously, it is possible and this is the main reason for channel in Hyperledger Fabric.
You can find that on Hyperledger Fabric's doc.
Link: https://hyperledger-fabric.readthedocs.io/en/release-2.2/network/network.html
You can find a tutorial on following link about how to implement that concept.
Link: https://medium.com/hackernoon/taste-all-the-features-of-hyperledger-fabric-v1-4-4275fd9b9d8e
You can also check "Profiles" in configtx.yaml file and define separate Consortiums for two channel and you can also try with 2 different chaincode name.
Profiles:
OrgsChannel1:
Consortium: Consortium1
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
OrgsChannel2:
Consortium: Consortium2
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org3
- *Org4
Capabilities:
<<: *ApplicationCapabilities
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 10050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 11050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:8050
- orderer3.example.com:9050
- orderer4.example.com:10050
- orderer5.example.com:11050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
Consortium1:
Organizations:
- *Org1
- *Org2
Consortium2:
Organizations:
- *Org3
- *Org4

Can I create multiple channels within an organisation in Hyperledger Fabric?

I am setting up a single organization Hyperledger Fabric network.I want to create multiple channels within the organization and restrict access to channels? i.e., peerA has access only on channelA and peerB has access only on channelB
Can I get some insight on how to create different channels on different peers of the organisations?
Let me explain clearly,
Hyperledger fabric is a consortium oriented
Consortium is the high-level and channel, organizations are subset of consortium , which means one consortium contains channels and organizations
one channel can have multiple organizations
organizations participate in the channel by joining their peers
Each channel has a separate ledger
Coming to your question
peerA has access only on channelA and peerB has access only on channelB
join peerA of org1 to only channelA
join peerB of org1 to only channelB
Can I create multiple channels within the organization and restrict access to channels?
YES, you can create as no of channel you want
below I presented the configtx with two channels
Organizations:
- &org1
Name: org1
ID: org1MSP
MSPDir: ./data/orgs/org1/msp
AnchorPeers:
- Host: org1-peer-org1
- Port: 7051
- &org2
Name: org2
ID: org2MSP
MSPDir: ./data/orgs/org2/msp
AnchorPeers:
- Host: org2-peer-org2
- Port: 7051
Capabilities:
Global: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Profiles:
OrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
OrdererType: kafka
Addresses:
- org1-orderer-org1:7050
- org2-orderer-org2:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 56
AbsoluteMaxBytes: 34 MB
PreferredMaxBytes: 4354 KB
Kafka:
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
Organizations:
- *org1
- *org2
Capabilities:
<<: *OrdererCapabilities
Consortiums:
transport:
Organizations:
- *org1
- *org2
OrgsChannel1:
Consortium: transport
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
OrgsChannel2:
Consortium: transport
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
Capabilities:
<<: *ApplicationCapabilities

how to add raft instead of kafka in hyperledger fabric?

How to add raft instead of kafka in hyperledger fabric altoros fabric-supply-chain project ?
here's my configtxtemplate-OneOrg-orderer.yaml file
---
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
OrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ORG1
common:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *ORG1
CHANNEL_NAME:
Consortium: SampleConsortium
Application:
Organizations:
- *ORG1
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererMSP
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/DOMAIN/msp
- &ORG1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: ORG1MSP
# ID to load the MSP definition as
ID: ORG1MSP
MSPDir: crypto-config/peerOrganizations/ORG1.DOMAIN/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.ORG1.DOMAIN
Port: 7051
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.DOMAIN:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 98 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
Can you please check where I'm going wrong and in which files i have to make changes.
I went through the docs of raft but i couldn't understand it well and there is no good source or tutorial that i could go through. If you know any good source or example then please help.
I see the hyperledger fabric community is not as strong as bitcoin or ethereum like blockchains. I am facing lot of trouble to build an application on it. I would request you to help me from where i can learn the best.
You can read in documentation for more details and explanations, while key concepts are:
In order to work with Raft you need to configure your ordering service to work with TLS.
Change orderer type to be
OrdererType: etcdraft
You need to setup your concenters set (Raft replicas) by adding into configuration following section:
Consenters:
- Host: raft0.example.com
Port: 7050
ClientTLSCert: path/to/ClientTLSCert0
ServerTLSCert: path/to/ServerTLSCert0
- Host: raft1.example.com
Port: 7050
ClientTLSCert: path/to/ClientTLSCert1
ServerTLSCert: path/to/ServerTLSCert1
- Host: raft2.example.com
Port: 7050
ClientTLSCert: path/to/ClientTLSCert2
ServerTLSCert: path/to/ServerTLSCert2
where you provide configuration to setup your cluster including TLS certificates for your concenters.
For example profile for Raft might look as following, SampleDevModeEtcdRaft profile:
SampleDevModeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: raft0.example.com
Port: 7050
ClientTLSCert: path/to/ClientTLSCert0
ServerTLSCert: path/to/ServerTLSCert0
- Host: raft1.example.com
Port: 7050
ClientTLSCert: path/to/ClientTLSCert1
ServerTLSCert: path/to/ServerTLSCert1
- Host: raft2.example.com
Port: 7050
ClientTLSCert: path/to/ClientTLSCert2
ServerTLSCert: path/to/ServerTLSCert2
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2

Error on generating genesis.block and channel.tx in sequence using separate configtx.yaml files

Error from docker logs: Existing config does not contain element for [Groups] /Channel/Application
The configtx.yaml for generating genesis.block
Profiles:
OrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrgs
Consortiums:
SampleConsortium:
Organizations:
Organizations:
- &OrdererOrgs
Name: orderer0
ID: orderer0
MSPDir: crypto-config/ordererOrganizations/test.com/msp
AdminPrincipal: Role.Admin
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer0:7050
BatchTimeout: 2s
MaxChannels: 0
Application: &ApplicationDefaults
Organizations:
The configtx.yaml for generating channel.tx
Profiles:
OrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *org
Organizations:
- &org
Name: org
ID: org
MSPDir: crypto-config/peerOrganizations/org.org.com/msp
AdminPrincipal: Role.Admin
AnchorPeers:
- Host: peer0
Port: 7051
Application: &ApplicationDefaults
Organizations:
Is this a valid scenario where we can generate genesis.block first [without specifying organization details] and then finally creating channel.tx by specifying org details?

Resources