I have created a network of fabric and it running fine. I want to update the oderer configuration such as batchtimeout in running network. I have followed this tutorial to update the channel configuration at runtime. This tutorial works for adding a new org. But when i am updating orderer configuration then i am getting error as
Error: got unexpected status: BAD_REQUEST -- error applying config
update to existing channel 'mychannel': error authorizing update:
error validating DeltaSet: policy for [Value]
/Channel/Orderer/BatchTimeout not satisfied: implicit policy
evaluation failed - 0 sub-policies were satisfied, but this policy
requires 1 of the 'Admins' sub-policies to be satisfied
I sigining the envelope.pb file from all the org admins such as org1 and org2. Kindly help me with this.
Note: I have used fabric-samples first-network for this.
EDIT:
I have signed pb file with org1 and org2.I have also signed it with orderer by exporting below variables
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin\#example.com/msp/
CORE_PEER_ADDRESS=orderer.example.com:7050
CORE_PEER_LOCALMSPID=OrdererMSP
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
Logs
11-28 09:13:57.207 UTC [policies] Manager -> DEBU cc4 Manager Channel/Orderer looking up path []
2019-11-28 09:13:57.207 UTC [policies] Manager -> DEBU cc5 Manager Channel/Orderer has managers OrdererOrg
2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc6 == Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins ==
2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc7 This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc8 == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins ==
2019-11-28 09:13:57.207 UTC [cauthdsl] deduplicate -> WARN cc9 De-duplicating identity [OrdererMSP95598fd8d4ea9aa73dad2aee5bc32375d01e3ed9da0a25c2f64ae1067af7ac74] at index 1 in signature set
2019-11-28 09:13:57.207 UTC [cauthdsl] deduplicate -> WARN cca De-duplicating identity [OrdererMSP95598fd8d4ea9aa73dad2aee5bc32375d01e3ed9da0a25c2f64ae1067af7ac74] at index 2 in signature set
2019-11-28 09:13:57.208 UTC [cauthdsl] func1 -> DEBU ccb 0xc000c99ef0 gate 1574932437208001961 evaluation starts
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU ccc 0xc000c99ef0 signed by 0 principal evaluation starts (used [false false false])
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU ccd 0xc000c99ef0 processing identity 0 with bytes of a1f390
2019-11-28 09:13:57.208 UTC [msp] satisfiesPrincipalInternalV143 -> DEBU cce Checking if identity has been named explicitly as an admin for OrdererMSP
2019-11-28 09:13:57.208 UTC [msp] satisfiesPrincipalInternalV143 -> DEBU ccf Checking if identity carries the admin ou for OrdererMSP
2019-11-28 09:13:57.208 UTC [msp] Validate -> DEBU cd0 MSP OrdererMSP validating identity
2019-11-28 09:13:57.208 UTC [msp] getCertificationChain -> DEBU cd1 MSP OrdererMSP getting certification chain
2019-11-28 09:13:57.208 UTC [msp] hasOURole -> DEBU cd2 MSP OrdererMSP checking if the identity is a client
2019-11-28 09:13:57.208 UTC [msp] getCertificationChain -> DEBU cd3 MSP OrdererMSP getting certification chain
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU cd4 0xc000c99ef0 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP]
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU cd5 0xc000c99ef0 principal evaluation fails
2019-11-28 09:13:57.208 UTC [cauthdsl] func1 -> DEBU cd6 0xc000c99ef0 gate 1574932437208001961 evaluation fails
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cd7 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cd8 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 09:13:57.208 UTC [policies] func1 -> DEBU cd9 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ]
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cda Signature set did not satisfy policy /Channel/Orderer/Admins
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cdb == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins
2019-11-28 09:13:57.208 UTC [orderer.common.broadcast] ProcessMessage -> WARN cdc [channel: mychannel] Rejecting broadcast of config message from 172.25.0.7:42570 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/Orderer/BatchTimeout not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
2019-11-28 09:13:57.208 UTC [orderer.common.server] func1 -> DEBU cdd Closing Broadcast stream
2019-11-28 09:13:57.208 UTC [comm.grpc.server] 1 -> INFO cde streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.25.0.7:42570 grpc.code=OK grpc.call_duration=1.864323ms
2019-11-28 09:13:57.209 UTC [grpc] warningf -> DEBU cdf transport: http2Server.HandleStreams failed to read frame: read tcp 172.25.0.3:7050->172.25.0.7:42570: read: connection reset by peer
2019-11-28 09:13:57.209 UTC [grpc] infof -> DEBU ce0 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2019-11-28 09:13:57.209 UTC [grpc] infof -> DEBU ce1 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2019-11-28 09:13:57.209 UTC [common.deliver] Handle -> WARN ce2 Error reading from 172.25.0.7:42568: rpc error: code = Canceled desc = context canceled
2019-11-28 09:13:57.209 UTC [orderer.common.server] func1 -> DEBU ce3 Closing Deliver stream
2019-11-28 09:13:57.209 UTC [comm.grpc.server] 1 -> INFO ce4 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.25.0.7:42568 error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=4.921585ms
Updated env
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_LOCALMSPID=OrdererMSP
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=true
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin#example.com/msp/
CORE_PEER_ID=cli
CORE_PEER_ADDRESS=orderer.example.com:7050
I am facing the same issue, but on BatchSize updating.
You can see the orderer log below:
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6e This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6f == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins ==
2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d70 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 1 in signature set
2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d71 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 2 in signature set
2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d72 0xc000453620 gate 1574940522768302200 evaluation starts
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d73 0xc000453620 signed by 0 principal evaluation starts (used [false false false])
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d74 0xc000453620 processing identity 0 with bytes of fd5830
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d75 0xc000453620 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP]
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d76 0xc000453620 principal evaluation fails
2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d77 0xc000453620 gate 1574940522768302200 evaluation fails
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d78 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d79 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 11:28:42.768 UTC [policies] func1 -> DEBU d7a Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ]
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7b Signature set did not satisfy policy /Channel/Orderer/Admins
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7c == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins
2019-11-28 11:28:42.768 UTC [orderer.common.broadcast] ProcessMessage -> WARN d7d [channel: mychannel] Rejecting broadcast of config message from 172.29.0.7:43756 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
I have tried to add an OrganizationalUnit: ADMIN in the crypto-config.yaml file, in order to fix - The identity does not contain OU [ADMIN]. The OU was added but but this doesn't help me.
I also have tried to copy the orderer sign certificate to the msp/admincerts in order to fix - The identity is not an admin under this MSP [OrdererMSP], e.g.
cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts
Hope the above steps will help someone, I am still investigating my issue with the channel configuration update. ✌️
For you both.
https://hyperledger-fabric.readthedocs.io/en/release-1.4/msp.html#identity-classification. If you are using NodeOUs, be sure to check the config.yaml in every MSP folder is correct, that the OU fields of the admin certificates include admin (as defined in your config.yaml and in your configtx.yaml organization policies), and that your configtx.yaml at least specifies:
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_1: true
#TechChain, you are now signing with a non-admin OrdererMSP, when you have a first policy check expecting any (non-OrdererMSP) organization writer signature and a second policy check expecting an admin OrdererMSP.
Try this:
Export orderer organization environment:
export CH_NAME=<your-channel>
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_MSPCONFIGPATH=<ca-client-path>/organizations/ordererOrganizations/orderer.com/users/admin#orderer.com/msp/ <OR> <your-orderer-admin-msp-path>
export ORDERER_CONTAINER=localhost:7050
export ORDERER_CA=../../ca/fabric-ca-client/organizations/ordererOrganizations/orderer.com/msp/tlscacerts/<your-tls-cert>.pem <OR> <your-orderer-tlscert-path>
export FABRIC_CFG_PATH=../../peers/<your-org-peer>
Sign-in using the signconfigtx tool:
peer channel signconfigtx -f <your-enveloped-config>.pb
Try to send the config update again:
peer channel update -f <your-enveloped-config>.pb -c $CH_NAME -o $ORDERER_CONTAINER --tls --cafile $TLS_ROOT_CA
Then, the transaction maybe also needs to be signed the orderer's admin.
The way to know what signature is missing is setting FABRIC_LOGGING_SPEC=DEBUG in the orderer and looking for the orderer DEBUG messages previous to the error. There you can see every signature certificate received in pem format and which organizations and roles are checked an passed (or not). I know that logs allergy spreads among many StackOverflow users, but it's the only way to find out what's going on.
EDIT:
What I mean:
Set FABRIC_LOGGING_SPEC=DEBUG in your orderer/s.
Relaunch your orderers so the new environment variable is applied.
Debug the process of checking the policies painstakingly and patiently.
docker logs -f --tail 200 myorderercontainer 2>&1 | grep ERRO -B100 -A10
Thanks, #kekomal!
I have checked config.yaml files in every MSP folder.For example the one for the OrderereMSP looks like this:
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
I have updated and the channel capabilities section with:
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.4.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.4.3
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.4.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.4.3 or later.
V1_4_3: true
# V1.3 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.3
V1_3: true
# V1.1 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: true
The end result is the same, failed channel update tx.
If you have any other suggestions, please share.
Related
i'm studying the fabric ca operations guide document.
But when i trying to instantiate the chaincode , error occured.
Instantiate command:
peer chaincode instantiate -C mychannel -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -o orderer1-org0:7050 --tls --cafile /tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
error message :
2020-02-21 04:13:57.176 UTC [grpc] switchBalancer -> DEBU 045 ClientConn switching balancer to "pick_first"
2020-02-21 04:13:57.176 UTC [grpc] HandleSubConnStateChange -> DEBU 046 pickfirstBalancer: HandleSubConnStateChange: 0xc0003c3d70, CONNECTING
2020-02-21 04:13:57.179 UTC [grpc] HandleSubConnStateChange -> DEBU 047 pickfirstBalancer: HandleSubConnStateChange: 0xc0003c3d70, READY
2020-02-21 04:13:57.179 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 048 Using default escc
2020-02-21 04:13:57.179 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 049 Using default vscc
2020-02-21 04:13:57.180 UTC [msp.identity] Sign -> DEBU 04a Sign: plaintext: 0AD8080A6608031A0B0885B2BDF20510...30300A000A04657363630A0476736363
2020-02-21 04:13:57.180 UTC [msp.identity] Sign -> DEBU 04b Sign: digest: 5480C64F725F648C381B7820B6EA079636CA6C6A8C1D51319B30116653888FF1
Error: could not assemble transaction, err proposal response was not successful, error code 500, msg transaction returned with failure: Attribute 'abac.init' was not found
Can anyone explain to me? Thanks
Your Init function is being called when instantiating, but it is failing.
I suppose your chaincode is https://github.com/hyperledger/fabric-samples/blob/release-1.4/chaincode/abac/go/abac.go. The fact is that the requestor certificate should have the attribute "abac.init" to true, but yours haven't. That's defined during the Fabric CA registration and included in your enrolled certificate.
Orderer logs show following error(highlighted) during broadcast even though the transaction is successful and committed to all peers:
2018-12-19 13:43:42.724 UTC [policies] Evaluate -> DEBU 997 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
2018-12-19 13:43:42.724 UTC [orderer/common/broadcast] Handle -> DEBU 998 [channel: mychannel] Broadcast has successfully enqueued message of type ENDORSER_TRANSACTION from 172.19.0.7:40978
2018-12-19 13:43:42.724 UTC [orderer/common/blockcutter] Ordered -> DEBU 999 Enqueuing message into batch
2018-12-19 13:43:42.724 UTC [orderer/consensus/solo] main -> DEBU 99a Just began 2s batch timer
2018-12-19 13:43:42.730 UTC [grpc] infof -> DEBU 99b transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2018-12-19 13:43:42.730 UTC [orderer/common/broadcast] Handle -> WARN
99c Error reading from 172.19.0.7:40978: rpc error: code = Canceled
desc = context canceled
2018-12-19 13:43:42.731 UTC [orderer/common/server] func1 -> DEBU 99d Closing Broadcast stream
2018-12-19 13:43:44.724 UTC [orderer/consensus/solo] main -> DEBU 99e Batch timer expired, creating block
2018-12-19 13:43:44.724 UTC [msp] GetDefaultSigningIdentity -> DEBU 99f Obtaining default signing identity
Fabric Config: All configs and setup same as specified in Build you First Network tutorial at https://hyperledger-fabric.readthedocs.io/en/release-1.3/build_network.html
Query
What is meant by this error? What does orderer read from cli(IP of cli: 172.19.0.7:40978) during broadcast?
I'm trying to create channel to test my fabric environment, and I don't use docker instead I am running the actual executable itself. However, the creation failed with errors.
Error on the orderer:
2018-09-04 20:36:55.034 CST [cauthdsl] deduplicate -> ERRO 251 Principal deserialization failure (MSP OrdererOrg is unknown) for identity 0a0a4f7264657265724f72671281062d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d4949434444434341624b67417749424167495158346c644c424e55705271796451705845475767446a414b42676771686b6a4f50515144416a42704d5173770a435159445651514745774a56557a45544d4245474131554543424d4b5132467361575a76636d3570595445574d4251474131554542784d4e5532467549455a790a5957356a61584e6a627a45554d4249474131554543684d4c5a586868625842735a53356a62323078467a415642674e5642414d54446d4e684c6d5634595731770a62475575593239744d423458445445344d446b774e4445794d6a55784d466f58445449344d446b774d5445794d6a55784d466f775744454c4d416b47413155450a42684d4356564d78457a415242674e5642416754436b4e6862476c6d62334a7561574578466a415542674e564241635444564e6862694247636d467559326c7a0a593238784844416142674e5642414d54453239795a4756795a5849755a586868625842735a53356a623230775754415442676371686b6a4f50514942426767710a686b6a4f50514d4242774e434141514670514e4b7665305a332f5059377369315730537550553347326d6a61366b3744495756727a41766541516d6a4169415a0a6e4b6d6c4c4a742b5164655a4e4342446c6558742b72384b69656c4d72556b6e7159554e6f303077537a414f42674e56485138424166384542414d43423441770a44415944565230544151482f424149774144417242674e5648534d454a444169674341716e446c77684434524f6e6f6b424d72476249496d51724871697934680a6e514279524657617a5233774f54414b42676771686b6a4f5051514441674e4941444246416945416b6c356336596a64515038565352384679694462393553310a325130633032727269593662764a454d53544d4349435445346f6f79627843414a577a5a4f5069507173766d4c53667a316238676a337572692b5a434d664e470a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a
>2018-09-04 20:36:55.035 CST [cauthdsl] func1 -> DEBU 252 0xc00000f0e8 gate 1536064615035064391 evaluation starts
2018-09-04 20:36:55.035 CST [cauthdsl] func2 -> DEBU 253 0xc00000f0e8 signed by 0 principal evaluation starts (used [false])
2018-09-04 20:36:55.035 CST [cauthdsl] func2 -> DEBU 254 0xc00000f0e8 principal evaluation fails
2018-09-04 20:36:55.035 CST [cauthdsl] func1 -> DEBU 255 0xc00000f0e8 gate 1536064615035064391 evaluation fails
2018-09-04 20:36:55.035 CST [policies] Evaluate -> DEBU 256 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Writers
2018-09-04 20:36:55.035 CST [policies] Evaluate -> DEBU 257 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Writers
2018-09-04 20:36:55.035 CST [policies] func1 -> DEBU 258 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg.Writers ]
2018-09-04 20:36:55.035 CST [policies] Evaluate -> DEBU 259 Signature set did not satisfy policy /Channel/Orderer/Writers
2018-09-04 20:36:55.035 CST [policies] Evaluate -> DEBU 25a == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers
2018-09-04 20:36:55.035 CST [policies] func1 -> DEBU 25b Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Orderer.Writers Consortiums.Writers ]
2018-09-04 20:36:55.035 CST [policies] Evaluate -> DEBU 25c Signature set did not satisfy policy /Channel/Writers
2018-09-04 20:36:55.035 CST [policies] Evaluate -> DEBU 25d == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
2018-09-04 20:36:55.035 CST [orderer/common/broadcast] Handle -> WARN 25e [channel: roberttestchannel] Rejecting broadcast of config message from 192.168.136.100:54494 because of error: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
2018-09-04 20:36:55.035 CST [orderer/common/server] func1 -> DEBU 25f Closing Broadcast stream
2018-09-04 20:36:55.037 CST [common/deliver] Handle -> WARN 260 Error reading from 192.168.136.100:54492: rpc error: code = Canceled desc = context canceled
2018-09-04 20:36:55.037 CST [orderer/common/server] func1 -> DEBU 261 Closing Deliver stream
2018-09-04 20:36:55.037 CST [grpc] infof -> DEBU 262 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2018-09-04 20:36:55.037 CST [grpc] infof -> DEBU 263 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
Error on the peer:
2018-09-04 20:36:55.007 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
I have tried to reboot or delete all the project files. But it didn't work.
Thank you for your attention!
Here is the condition from you description:
modifying the crypto-config.yaml and configtx.yaml file to create your own fabric network.
using cryptogen and configtxgen to generate the channel artifacts and keycerts file
then your may use fabric-tool or Node-SDK to handle the fabric network like enroll the user, create channel and join channel.
the error threw out when your are create channel
In the head of the log, it shows that MSP OrdererOrg is unknown. That problem may cause by after using orderer certs signed the channel-creating request then the client sent the request to the orderer. It is fine that you use the order to sign the channel-creating request, only if you configured your Signature policy to your target member. Like setting the Rule like:
Policies:
Readers:
Type: Signature
Rule: "OR('OrgOrderer.admin','OrgOrderer.client')"
Writers:
Type: Signature
Rule: "OR('OrgOrderer.admin')"
If you are left the Policies setting to blank, it will follow the default policy.
The logs similar to Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Writers do shows that your signature is not valid. If you want to know more detail about what specific policy configuration, using the configentx to inspect the channel.tx or genesis.block:
configtxgen -inspectBlock ./channel-artifacts/genesis.block -configPath ./crypto-config/example.com/ >genesis.json
configtxgen -inspectChannelCreateTx ./channel-artifacts/channel.tx --configPath ./crypto-config/example.com/ >channel.json
I am trying to enable peer/orderer logging in the Balance Transfer sample of Hyperledger Fabric, so I can understand the step-by-step consensus and transaction process of my Hyperledger Fabric project.
---------
If we start the blockchain network of chaincode-docker-devmode, and go to the Terminal 1 where this command below is executed
docker-compose -f docker-compose-simple.yaml up
We can easily see all the peer/orderers/cli logs in the terminal, for example like this:
peer | 2018-07-26 08:58:07.426 UTC [chaincode] Execute -> DEBU 73d Entry
peer | 2018-07-26 08:58:07.426 UTC [chaincode] Execute -> DEBU 73e chaincode canonical name: escc:1.1.0
orderer | 2018-07-26 08:58:07.434 UTC [policies] Evaluate -> DEBU 3c4 Signature set satisfies policy /Channel/Orderer/SampleOrg/Writers
orderer | 2018-07-26 08:58:07.434 UTC [policies] Evaluate -> DEBU 3c5 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/SampleOrg/Writers
orderer | 2018-07-26 08:58:07.434 UTC [policies] Evaluate -> DEBU 3c6 Signature set satisfies policy /Channel/Orderer/Writers
peer | 2018-07-26 08:58:07.426 UTC [chaincode] sendExecuteMessage -> DEBU 73f [82a18317]Inside sendExecuteMessage. Message TRANSACTION
peer | 2018-07-26 08:58:07.426 UTC [chaincode] setChaincodeProposal -> DEBU 740 Setting chaincode proposal context...
orderer | 2018-07-26 08:58:07.435 UTC [policies] Evaluate -> DEBU 3c7 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers
orderer | 2018-07-26 08:58:07.435 UTC [policies] Evaluate -> DEBU 3c8 Signature set satisfies policy /Channel/Writers
orderer | 2018-07-26 08:58:07.435 UTC [policies] Evaluate -> DEBU 3c9 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
orderer | 2018-07-26 08:58:07.436 UTC [orderer/common/blockcutter] Ordered -> DEBU 3ca Enqueuing message into batch
orderer | 2018-07-26 08:58:07.436 UTC [orderer/common/broadcast] Handle -> DEBU 3cb [channel: myc] Broadcast has successfully enqueued message of type ENDORSER_TRANSACTION from 172.23.0.5:57804
peer | 2018-07-26 08:58:07.426 UTC [chaincode] setChaincodeProposal -> DEBU 741 Proposal different from nil. Creating chaincode proposal context...
In my case, I want to replicate that condition into the Balance Transfer sample. So when I run ./runApp.sh, it will show all the logs.
How can I do that? What environment should I put in Balance Transfer's docker-compose.yaml file?
Thanks!
In balance transfer go to directory artifacts and type this command.
docker-compose -f docker-compose.yaml logs -f for live logging.[1][2]
docker-compose -f docker-compose.yaml logs` for upto the point logs with no live logging.
NOTE : When you run the script in balance-transfer, docker starts the docker containers in detached mode : Run containers in the background,print new container names. That's the reason logs are not shown as soon as containers are orchestrated.[3][4]
References :
[1] : Docker - How do I view real time logging of Docker containers? (https://success.docker.com/article/view-realtime-container-logging)
[2] : docker container logs | Docker Documentation (https://docs.docker.com/engine/reference/commandline/container_logs/)
[3] : docker run | Docker Documentation (https://docs.docker.com/engine/reference/commandline/run/)
[4] : docker-compose up | Docker Documentation (https://docs.docker.com/compose/reference/up/)
I am trying to build Hyperledger network like balanace-transfer from fabric-samples.
I have error
status: 'BAD_REQUEST',
- info: 'Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining'
docker logs orderer.exmaple.com output
.
-2018-06-26 14:41:04.631 UTC [policies] Evaluate -> DEBU 120 Signature set did not satisfy policy /Channel/Application/Gov1MSP/Admins
-2018-06-26 14:41:04.631 UTC [policies] Evaluate -> DEBU 121 == Done Evaluating *cauthdsl.policy Policy /Channel/Application/Gov1MSP/
-2018-06-26 14:41:04.631 UTC [policies] func1 -> DEBU 122 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Gov1MSP.Admins ]
-2018-06-26 14:41:04.631 UTC [policies] Evaluate -> DEBU 123 Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
-2018-06-26 14:41:04.631 UTC [policies] Evaluate -> DEBU 124 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
-2018-06-26 14:41:04.631 UTC [orderer/common/broadcast] Handle -> WARN 125 [channel: usachannel] Rejecting broadcast of config message from 172.18.0.1:46638 because of error: Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
-2018-06-26 14:41:04.631 UTC [orderer/common/server] func1 -> DEBU 126 Closing Broadcast stream
I generate artifacts with cryptogen and configtxgen
I know that this error comes with wrong certificates when trying to create a channel
I can create channel, join peer, add new peers and add new channels with cli, e.g. same step with cli
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin#org1.example.com/msp" peer0.org1.example.com peer channel create -o orderer.example.com:7050 -c usachannel -f /etc/hyperledger/configtx/channel.tx works properly
Thank you for your help