I am setting up a server composed of two organizations (3 later), as shown in the following link : https://hyperledger-fabric.readthedocs.io/en/release-1.4/network/network.html
However, the consortium must not contain the two organizations (Org1 and Org2) but only organization 1 (Org1) as shown in this image: https://imgur.com/a/gcBcINq
In my configtx.yaml file, I set the SampleConsortium value as a follow:
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
# - *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
So I define a consortium with a single organization: Org2.
However, when instantiating my channel with the line of code
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example. com-cert.pem
The screen displays an error telling me: Error: got unexpected status: BAD_REQUEST -- Attempted to include a member which is not in the consortium
Do you have an idea to generate my channel by having only one organization in my consortium?
Thank you very much in advance for your answers :)
PS : This is my first project with hyperledger fabric, so I am still "new" with this technology. However, it seems to me that there is no indication that a consortium should not have at least 2 organizations.
You have to comment Org2 from TwoOrgsChannel profile. then you will be able to create my channel once this is done you can add Org2 by updating the channel config for further details you can refer read the docs https://hyperledger-fabric.readthedocs.io/en/release-1.4/channel_update_tutorial.html
Thank you very much, your solution worked. However, I can only add the Org1 Organization in my channel. If I comment on the Org2 line, an error
Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
While my configtx.yaml file looks like this:
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
# - *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
Related
I am following https://hyperledger-fabric.readthedocs.io/en/release-2.1/create_channel/create_channel.html tutorial.
first of all, i didnt find TwoOrgsChannel in profile in configtx.yaml in my version, so i added this section to the profile and got it work and successes in creating a channel creation transaction for channel1.
but the command after that which will create the channel using peer channel create, return an error that i searched for but didnt get any similar post, which is:
Endorser and orderer connections initialized
Error: got unexpected status: BAD_REQUEST -- channel creation request not allowed because the orderer system channel is not defined
the section i had added to profile is:
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
Have you created Orderer profile in your configtx.yaml ?
Ordered system channel is required for order and peer for channel initialization.
Refer this link for configtx.yaml
https://medium.com/#msakhilvinayak/understanding-configurations-in-hyperledger-fabric-ff3f5c23625a
I have existing hyperledger fabric setup with 2 organisations, 5 orderers and 1 channel, I want to create a new channel and want to make only 3 orderers (out of 5) as part of the new channel, for that I have mentioned the orderer details on channel profile section as follow:
NewChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer3.example.com
Port: 13050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 14050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 15050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer3.example.com:13050
- orderer4.example.com:14050
- orderer5.example.com:15050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
I have created channel transaction file without any issue by using -channelCreateTxBaseProfile argument but while creating the channel I'm getting following error:
Error: got unexpected status: BAD_REQUEST -- error validating channel
creation transaction for new channel 'channel11', could not
successfully apply update to template configuration: error authorizing
update: error validating DeltaSet: policy for [Value]
/Channel/OrdererAddresses not satisfied: implicit policy evaluation
failed - 0 sub-policies were satisfied, but this policy requires 1 of
the 'Admins' sub-policies to be satisfied
I'm not able to identify the exact issue with policy, can any one advise about the issue and how to resolve it.
try to use orderer admin msp instead of peer admin msp
when you update channel config ,set env like these :
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PROJECT_PATH}/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PROJECT_PATH}/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
I am setting up a single organization Hyperledger Fabric network.I want to create multiple channels within the organization and restrict access to channels? i.e., peerA has access only on channelA and peerB has access only on channelB
Can I get some insight on how to create different channels on different peers of the organisations?
Let me explain clearly,
Hyperledger fabric is a consortium oriented
Consortium is the high-level and channel, organizations are subset of consortium , which means one consortium contains channels and organizations
one channel can have multiple organizations
organizations participate in the channel by joining their peers
Each channel has a separate ledger
Coming to your question
peerA has access only on channelA and peerB has access only on channelB
join peerA of org1 to only channelA
join peerB of org1 to only channelB
Can I create multiple channels within the organization and restrict access to channels?
YES, you can create as no of channel you want
below I presented the configtx with two channels
Organizations:
- &org1
Name: org1
ID: org1MSP
MSPDir: ./data/orgs/org1/msp
AnchorPeers:
- Host: org1-peer-org1
- Port: 7051
- &org2
Name: org2
ID: org2MSP
MSPDir: ./data/orgs/org2/msp
AnchorPeers:
- Host: org2-peer-org2
- Port: 7051
Capabilities:
Global: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Profiles:
OrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
OrdererType: kafka
Addresses:
- org1-orderer-org1:7050
- org2-orderer-org2:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 56
AbsoluteMaxBytes: 34 MB
PreferredMaxBytes: 4354 KB
Kafka:
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
Organizations:
- *org1
- *org2
Capabilities:
<<: *OrdererCapabilities
Consortiums:
transport:
Organizations:
- *org1
- *org2
OrgsChannel1:
Consortium: transport
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
OrgsChannel2:
Consortium: transport
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
Capabilities:
<<: *ApplicationCapabilities
I am struggling so hard to write policy for creating channel (ChannelCreationPolicy) here is my configtx.yaml
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ../crypto-config/ordererOrganizations/orderer-org/msp
- &ShopOrg
Name: ShopOrgMSP
ID: ShopOrgMSP
MSPDir: ../crypto-config/peerOrganizations/shop-org/msp
AnchorPeers:
- Host: shop-peer-0
Port: 7051
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer0:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Application: &ApplicationDefaults
Organizations:
Profiles:
TwoOrgGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
InsuranceConsortium:
# ChannelCreationPolicy:
# Admins:
# Type: Signature
# Rule: "OR('ShopOrgMSP.admin')"
Organizations:
- *ShopOrg
TwoOrgChannel:
Consortium: InsuranceConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *ShopOrg
I tried to put ChannelCreationPolicy block above in the commented area but it says : 'Profiles[TwoOrgGenesis].Consortiums[InsuranceConsortium]' has invalid keys: ChannelCreationPolicy
I can't find place for ChannelCreationPolicy inside that .yaml. So how can I write policy so that, for example, only ShopOrgMSP admins could create channel?
Looking at the source for configtxgen, it doesn't look like channel creation policies are supported by the tool. You would need to submit this change as a config update transaction.
Unfortunately, this is a highly non-trivial process, but at least there is an example (for adding an org to a channel) here.
Error from docker logs: Existing config does not contain element for [Groups] /Channel/Application
The configtx.yaml for generating genesis.block
Profiles:
OrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrgs
Consortiums:
SampleConsortium:
Organizations:
Organizations:
- &OrdererOrgs
Name: orderer0
ID: orderer0
MSPDir: crypto-config/ordererOrganizations/test.com/msp
AdminPrincipal: Role.Admin
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer0:7050
BatchTimeout: 2s
MaxChannels: 0
Application: &ApplicationDefaults
Organizations:
The configtx.yaml for generating channel.tx
Profiles:
OrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *org
Organizations:
- &org
Name: org
ID: org
MSPDir: crypto-config/peerOrganizations/org.org.com/msp
AdminPrincipal: Role.Admin
AnchorPeers:
- Host: peer0
Port: 7051
Application: &ApplicationDefaults
Organizations:
Is this a valid scenario where we can generate genesis.block first [without specifying organization details] and then finally creating channel.tx by specifying org details?