I'm trying to build a network with a single orderer and 3 organizations, each organization with a single peer node on AWS with Hyperledger Fabric Version 2. I can successfully generate the genesis block for orderer and channel configuration transaction using configtxgen with following commands:
configtxgen -profile ThreeOrgsOrdererGenesis -channelID ordererchannel -outputBlock ./config/genesis.block
configtxgen -profile ChannelAll -outputCreateChannelTx ./config/channel.tx -channelID channelall
Here is my configtx.yaml file: (The policies here are not a good practice, just experimenting)
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ./crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.member')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ./crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.member')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.member')"
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: ./crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.member')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.member')"
- &Org3
Name: Org3MSP
ID: Org3MSP
MSPDir: ./crypto-config/peerOrganizations/org3.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org3MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org3MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org3MSP.member')"
Endorsement:
Type: Signature
Rule: "OR('Org3MSP.member')"
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V2_0: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 300
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
ThreeOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org3
ChannelAll:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
Capabilities:
<<: *ApplicationCapabilities
When I join peer1 to the channel I create, I get the following warning in my orderer's docker logs:
Handle -> WARN 008 Error reading from 172.31.19.174:35362: rpc error: code = Canceled desc = context canceled
At first, I just ignored this warning and joined the other nodes to the channel. However, I wasn't able to connect to the blockchain with my client program which makes use Fabric Node SDK, so I believe this is the root cause of the problem.
I've noticed that you use
configtxgen -profile OneOrgOrdererGenesis
while in your configtx.yaml in Profile section is ThreeOrgsOrdererGenesis.
Maybe you should try to generate crypto files with following commands:
configtxgen -profile ThreeOrgsOrdererGenesis -channelID ordererchannel -outputBlock ./config/genesis.block
configtxgen -profile ChannelAll -outputCreateChannelTx ./config/channel.tx -channelID channelall
Related
I am trying to set up a fabric network, and attempt to access to fabric-sdk by config.yaml, but fail.
I have generated genesis.block, channel.tx, Org1MSPAnchors.tx by configtx.yaml. The compiled program which trys to access to fabric-sdk is writed by golang.
the error infomation is below.
Fabric SDK 初始化成功
创建应用通道失败:create channel failed: create channel failed: SendEnvelope failed: calling
orderer 'localhost:7050' failed: Orderer Server Status Code: (403) FORBIDDEN. Description:
Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
and the screenshots are as follows
enter image description here
enter image description here
and detail of configtx.yaml is below:
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ./crypto-config/ordererOrganizations/onlyto.infomanager.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ./crypto-config/peerOrganizations/org1.onlyto.infomanager.com/msp
Policies:
Readers:
Type: Signature
# Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Rule: "OR('Org1MSP.member')"
Writers:
Type: Signature
#Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Rule: "OR('Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.member')"
AnchorPeers: #指明org1中使用peer0作为锚节点
- Host: peer0.org1.onlyto.infomanager.com
Port: 7051
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.onlyto.infomanager.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OneOrgOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
Capabilities:
<<: *ApplicationCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
OneOrgChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
Capabilities:
<<: *ApplicationCapabilities
Update your org policies like this.
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
Network configuration:
I have a Hyperledger Fabric network with 5 orgs and 6 channels. Each org has a single peer, and the orderer is part of one of the peer organizations (named PSU). All organizations are members of the channels "uam.psu.registration", "fuh.vertiport.operations", and "air.traffic.control". All channels except one (PSU) are members on the channel "fuh.financial.operations". All organizations except Fly-Us-Hospitality are part of the channel "vehicle.telemetry". Only PSU is part of the channel "secure.airspace".
Issue:
I successfully create all the channels and join the organizations to the corresponding channels without error. Then I try to update the anchor peers. For each org, for each channel it participates in, I run peer channel update -o localhost:7050 --ordererTLSHostnameOverrider orderer.psu.secure.airspace -c <channel_name> -f ./channel-artifacts/<channel_name>/<org>MSPanchors.tx --tls true --cafile $ORDERER_CA where $ORDERER_CA is set appropriately.
It doesn't show any error message on the terminal, but on logspout I see
peer0.boeing.secure.airspace.com|2020-09-15 19:58:10.384 UTC [gossip.comm] authenticateRemotePeer -> ERRO 001 Failed verifying signature from 172.29.0.2:59660 : implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied
peer0.boeing.secure.airspace.com|2020-09-15 19:58:10.384 UTC [gossip.comm] GossipStream -> ERRO 002 Authentication failed: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied
For each peer channel update... command mentioned above. Any one have any ideas why I'm seeing this?
Here is my configtx.yaml file:
Organizations:
- &PSU
Name: PSUMSP
SkipAsForeign: false
ID: PSUMSP
MSPDir: crypto-config/peerOrganizations/psu.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Writers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Admins:
Type: Signature
Rule: "OR('PSUMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('PSUMSP.member')"
OrdererEndpoints:
- orderer.psu.secure.airspace.com:7050
AnchorPeers:
- Host: peer0.psu.secure.airspace.com
Port: 7051
- &Boeing
Name: BoeingMSP
ID: BoeingMSP
MSPDir: crypto-config/peerOrganizations/boeing.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Writers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Admins:
Type: Signature
Rule: "OR('BoeingMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('BoeingMSP.member')"
AnchorPeers:
- Host: peer0.boeing.secure.airspace.com
Port: 8051
- &Uber
Name: UberMSP
ID: UberMSP
MSPDir: crypto-config/peerOrganizations/uber.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('UberMSP.member')"
Writers:
Type: Signature
Rule: "OR('UberMSP.member')"
Admins:
Type: Signature
Rule: "OR('UberMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('UberMSP.member')"
AnchorPeers:
- Host: peer0.uber.secure.airspace.com
Port: 9051
- &AirBus
Name: AirBusMSP
ID: AirBusMSP
MSPDir: crypto-config/peerOrganizations/airbus.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Writers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Admins:
Type: Signature
Rule: "OR('AirBusMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('AirBusMSP.member')"
AnchorPeers:
- Host: peer0.airbus.secure.airspace.com
Port: 10051
- &Fly-Us-Hospitality
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/msP
Policies:
Readers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Writers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Admins:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
AnchorPeers:
- Host: peer0.fly-us-hospitality.secure.airspace.com
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.psu.secure.airspace.com
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
- *PSU
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
RegistrationProfile:
Consortium:
GeneralChannel:
Consortium: GeneralConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
VehicleOperationsChannel:
Consortium: VehicleOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
Capabilities:
<<: *ApplicationCapabilities
FinancialOperationsChannel:
Consortium: FinancialOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
SecureAirspaceChannel:
Consortium: SecureAirspaceConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *PSU
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SecureAirspaceConsortium:
Organizations:
- *PSU
FinancialOperationsConsortium:
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
VehicleOperationsConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
GeneralConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
And my docker-compose.yaml file
version: "2"
#networks:
# network3.1:
services:
ca-psu:
container_name: ca.psu.secure.airspace.com
hostname: ca.psu.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.psu.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-boeing:
container_name: ca.boeing.secure.airspace.com
hostname: ca.boeing.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.boeing.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-uber:
container_name: ca.uber.secure.airspace.com
hostname: ca.uber.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.uber.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-airbus:
container_name: ca.airbus.secure.airspace.com
hostname: ca.airbus.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.airbus.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-fly-us-hospitality:
container_name: ca.fly-us-hospitality.secure.airspace.com
hostname: ca.fly-us-hospitality.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.fly-us-hospitality.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.psu.secure.airspace.com:
container_name: orderer.psu.secure.airspace.com
image: hyperledger/fabric-orderer:2.2
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=ERROR
- FABRIC_LOGGING_SPEC=ERROR
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.psu.secure.airspace.com:
container_name: peer0.psu.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=PSUMSP
- CORE_PEER_ID=peer0.psu.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.psu.secure.airspace.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.psu.secure.airspace.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.psu.secure.airspace.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.psu.secure.airspace.com:7051
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.boeing.secure.airspace.com:
container_name: peer0.boeing.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=BoeingMSP
- CORE_PEER_ID=peer0.boeing.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.boeing.secure.airspace.com:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.boeing.secure.airspace.com:8051
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.uber.secure.airspace.com:
container_name: peer0.uber.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=UberMSP
- CORE_PEER_ID=peer0.uber.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.uber.secure.airspace.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.uber.secure.airspace.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.uber.secure.airspace.com:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.uber.secure.airspace.com:9051
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.airbus.secure.airspace.com:
container_name: peer0.airbus.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=AirBusMSP
- CORE_PEER_ID=peer0.airbus.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.airbus.secure.airspace.com:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.airbus.secure.airspace.com:10051
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.fly-us-hospitality.secure.airspace.com:
container_name: peer0.fly-us-hospitality.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=Fly-Us-HospitalityMSP
- CORE_PEER_ID=peer0.fly-us-hospitality.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.fly-us-hospitality.secure.airspace.com:11051
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
Before executing each peer channel update .. command, I update the corresponding environment variables:
CORE_PEER_LOCALMSPID=MSP
CORE_PEER_TLS_ROOTCERT_FILE=/peerOrganizations/<org.domain>/peers/peer0.<org.domain>/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/peerOrganizations/<org.domain>/users/Admin#<org.domain>/msp
CORE_PEER_ADDRESS=localhost:
Note: I am not affiliated with any companies whose name I am using in this network.
Before executing the peer update command, please check below env variables.
# change Org1MSP to your org msp name
export CORE_PEER_LOCALMSPID="Org1MSP"
# here org name accordingly
export CORE_PEER_MSPCONFIGPATH=${PWD}/crypto-config/peerOrganizations/org1.com/users/Admin#org1.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/crypto-config/peerOrganizations/org1.com/peers/peer1.org1.com/tls/ca.crt
Above values are for reference only. You have to check that they are pointing to correct path.
I am trying to experiment HLF 2.0 chain code lifecycle following the official doc
The network has 3 ordering nodes with two orgs and one peer each
But on the chain code commit I am getting the error
committed with status (ENDORSEMENT_POLICY_FAILURE) at peer1.base.right:9051
configtx.yml
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/base.order/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: LeftOrgMSP
ID: LeftOrgMSP
MSPDir: crypto-config/peerOrganizations/base.left/msp
Policies:
Readers:
Type: Signature
Rule: "OR('LeftOrgMSP.admin', 'LeftOrgMSP.peer', 'LeftOrgMSP.client','LeftOrgMSP.member')"
Writers:
Type: Signature
Rule: "OR('LeftOrgMSP.admin', 'LeftOrgMSP.client','LeftOrgMSP.peer','LeftOrgMSP.member')"
Admins:
Type: Signature
Rule: "OR('LeftOrgMSP.admin','LeftOrgMSP.peer')"
Endorsement:
Type: Signature
Rule: "OR('LeftOrgMSP.peer')"
AnchorPeers:
- Host: peer1.base.left
Port: 7051
- &Org2
Name: RightOrgMSP
ID: RightOrgMSP
MSPDir: crypto-config/peerOrganizations/base.right/msp
Policies:
Readers:
Type: Signature
Rule: "OR('RightOrgMSP.admin', 'RightOrgMSP.peer', 'RightOrgMSP.client','RightOrgMSP.member')"
Writers:
Type: Signature
Rule: "OR('RightOrgMSP.admin','RightOrgMSP.peer', 'RightOrgMSP.client','RightOrgMSP.member')"
Admins:
Type: Signature
Rule: "OR('RightOrgMSP.admin','RightOrgMSP.peer')"
Endorsement:
Type: Signature
Rule: "OR('RightOrgMSP.peer')"
AnchorPeers:
- Host: peer1.base.right
Port: 9051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ChannelCapabilities
Profiles:
MainChannel:
Consortium: BaseConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
Raft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1.base.order
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
- Host: orderer2.base.order
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
- Host: orderer3.base.order
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
Addresses:
- orderer1.base.order:7050
- orderer2.base.order:8050
- orderer3.base.order:9050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
BaseConsortium:
Organizations:
- *Org1
- *Org2
While checking the read commit ness I am having the desired output
{
"approvals": {
"LeftOrgMSP": true,
"RightOrgMSP": true
}
}
Chaincode approve
peer lifecycle chaincode approveformyorg --channelID basechannel --name fabcar --version 1.0 --init-required --package-id fabcar_1:206a5ce87aefb8b9780b75451523c2aa3ef718ceebaaeae5082ae88ea259b305 --sequence 1 -o orderer1.base.order:7050 --tls --cafile $CA_PATH
Chaincode commit command
peer lifecycle chaincode commit -o orderer1.base.order:7050 --channelID basechannel --name fabcar --version 1.0 --sequence 1 --init-required --tls true --cafile $ORDER_CA_PATH --peerAddresses peer1.base.right:9051 --tlsRootCertFiles $PATH_RIGHT --peerAddresses peer1.base.left:7051 --tlsRootCertFiles $PATH_LEFT
Not sure why I m getting that error
I am considering the fact that all the peers containers are up and MSP names are right.
It seems like the block validation policy is missing.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
I met the same problem two days ago and I just solved it. There was nothing wrong with my configuration files and operations before committing the chaincode, but I still got ENDORSEMENT_POLICY_FAILURE. After checking the debug log ,I found that you are supposed to commit the chaincode to enough endorsement nodes at the same time to get enough signatures to make sure that endorsement will be successful, there was more than 30 orgs in my fabric network but in the very beginning I only committed the chaincode to one node, this was no surprise I got this error.
I just figured it out. When I was invoking the chaincode I was including as --peerAddresses only one of the two peers that I have in my network. And as my policy says, it needs MAJORITY Endorsement in Endorsement Policy. So, I had to include 2/2 peers in the invoke command.
In my case, my blockchain used to be version 1.4 and I created the channel after migrating, it was missing the policy "endorsement" needed for lifecycle endorsement and endorsement, and some capabilities where under 2.0
I'm trying to enroll & register an admin to perform peer operations.
This is the bash code:
#!/bin/bash
user="$1"
pass="$2"
org="$3"
type="$4"
tlscerts="/chainset/hyperledger-config/crypto-config/ordererOrganizations/default.svc.cluster.local/msp/tlscacerts/ca-root-7054.pem"
fabric-ca-client enroll -u http://admin:adminpw#ca-root:7054
fabric-ca-client register --id.name ${user} --id.secret ${pass} --id.type ${type} --id.affiliation ${org} --id.attrs 'hf.Revoker=true,admin=true:ecert' -u http://ca-root:7054 --tls.certfiles ${tlscerts}
export FABRIC_CA_CLIENT_HOME=/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/
fabric-ca-client enroll -u http://${user}:${pass}#ca-root:7054 --id.affiliation ${org} --tls.certfiles ${tlscerts}
mv /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/signcerts/cert.pem /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/signcerts/${user}#${org}-cert.pem
mkdir /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/admincerts/
cp /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/signcerts/* /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/admincerts/
When I try to create a new channel I get this error:
Description: error validating channel creation transaction for new channel 'newchannelf', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
This is my configtx.yml configuration. I don't know if it is a problem with the policies in this configuration file or if I'm not registering & enrolling the user correctly.
Organizations:
- &orderer
Name: orderer
ID: orderer
MSPDir: crypto-config/ordererOrganizations/default.svc.cluster.local/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orderer.member')"
Writers:
Type: Signature
Rule: "OR('orderer.member')"
Admins:
Type: Signature
Rule: "OR('orderer.admin')"
- &org1
Name: org1
ID: org1
MSPDir: crypto-config/peerOrganizations/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Writers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Admins:
Type: Signature
Rule: "OR('org1.admin')"
AnchorPeers:
- Host: peer0-org1-service
Port: 7051
- &org2
Name: org2
ID: org2
MSPDir: crypto-config/peerOrganizations/org2/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Writers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Admins:
Type: Signature
Rule: "OR('org2.admin')"
AnchorPeers:
- Host: peer0-org2-service
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
Orderer: &OrdererCapabilities
V1_4_2: true
Application: &ApplicationCapabilities
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
- *orderer
- *org1
- *org2
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
- Host: orderer1-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
- Host: orderer2-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
Addresses:
- orderer0-service:7050
- orderer1-service:7050
- orderer2-service:7050
BatchTimeout: 1s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
- *orderer
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *orderer
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *orderer
Consortiums:
MAIN:
Organizations:
- *org1
- *org2
MainChannel:
<<: *ChannelDefaults
Consortium: MAIN
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
This is what is happening:
You created a system channel (which is the orderer genesis block) by creating the MAIN consortium. Now the system channel was created with the peer organization MSPs at that moment. Followed by this, after the network was up, you went into org1/users and created an admin identity. You update local MSP of peer but the already existing system channel was never updated.
Possible solutions:
Update the admin credentials within org1/users before the network is set up.
Update the system channel configuration with the admin2 credentials post deployment by creating a channel update transaction.
Enable NodeOUs so that any admin identity generated dynamically post the network deployment can perform admin related transactions.
I have 3 organisation with 6 peer and i have created the channel transaction, even i can query the fabcar chaincode from fabric node client. But when i use the farbic sdk node to submit the transcation it give me error
Failed to submit transaction: Error: Endorsement has failed
I am using the below code for submitting the transcation
async function Invoke(userwallet,usename,channelName,chaincodeName) {
try {
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const userExists = await wallet.exists(userwallet);
if (!userExists) {
console.log('An identity for the user "user1" does not exist in the wallet');
console.log('Run the registerUser.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccp, { wallet, identity: usename, discovery: { enabled: true } });
// Get the network (channel) our contract is deployed to.
const network = await gateway.getNetwork(channelName);
// Get the contract from the network.
const contract = network.getContract(chaincodeName);
// Submit the specified transaction.
// createCar transaction - requires 5 argument, ex: ('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom')
// changeCarOwner transaction - requires 2 args , ex: ('changeCarOwner', 'CAR10', 'Dave')
// await contract.submitTransaction('CAR12', 'Honda', 'Accord', 'Black', 'Tom');
await contract.createTransaction('createCar').submit('CAR22', 'Honda', 'Accord', 'Black', 'Tom')
//await contract.submitTransaction('changeCarOwner', 'CAR10', 'Dave');
console.log('Transaction has been submitted');
// Disconnect from the gateway.
await gateway.disconnect();
} catch (error) {
console.error(`Failed to submit transaction: ${error}`);
process.exit(1);
}
}
configTx
Organizations:
- &OrdererOrg
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
# leave this flag set to true.
AnchorPeers:
- Host: peer1.org1.example.com
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 7051
- &Org3
Name: Org3MSP
# ID to load the MSP definition as
ID: Org3MSP
MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client' , 'Org3MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org3MSP.admin', 'Org3MSP.client', 'Org3MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org3MSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer1.org3.example.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
ACLs: &ACLsDefault
#---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
#ACL policy for lscc's "getid" function
lscc/ChaincodeExists: /Channel/Application/Readers
#ACL policy for lscc's "getdepspec" function
lscc/GetDeploymentSpec: /Channel/Application/Readers
#ACL policy for lscc's "getccdata" function
lscc/GetChaincodeData: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
#ACL policy for qscc's "GetChainInfo" function
qscc/GetChainInfo: /Channel/Application/Readers
#ACL policy for qscc's "GetBlockByNumber" function
qscc/GetBlockByNumber: /Channel/Application/Readers
#ACL policy for qscc's "GetBlockByHash" function
qscc/GetBlockByHash: /Channel/Application/Readers
#ACL policy for qscc's "GetTransactionByID" function
qscc/GetTransactionByID: /Channel/Application/Readers
#ACL policy for qscc's "GetBlockByTxID" function
qscc/GetBlockByTxID: /Channel/Application/Readers
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
#ACL policy for cscc's "GetConfigBlock" function
cscc/GetConfigBlock: /Channel/Application/Readers
#ACL policy for cscc's "GetConfigTree" function
cscc/GetConfigTree: /Channel/Application/Readers
#ACL policy for cscc's "SimulateConfigTreeUpdate" function
cscc/SimulateConfigTreeUpdate: /Channel/Application/Writers
#---Miscellanesous peer function to policy mapping for access control---#
#ACL policy for invoking chaincodes on peer
peer/Proposal: /Channel/Application/Writers
#ACL policy for chaincode to chaincode invocation
peer/ChaincodeToChaincode: /Channel/Application/Readers
#---Events resource to policy mapping for access control###---#
#ACL policy for sending block events
event/Block: /Channel/Application/Readers
#ACL policy for sending filtered block events
event/FilteredBlock: /Channel/Application/Readers
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Org1MemberPolicy:
Type: Signature
Rule: "OR('Org1MSP.member')"
Org2MemberPolicy:
Type: Signature
Rule: "OR('Org2MSP.member')"
Org1Org2MemberPolicy:
Type: Signature
Rule: "OR('Org1MSP.member','Org2MSP.member')"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo","kafka" and "etcdraft"
OrdererType: etcdraft
Addresses:
- orderer.example.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
ThreeOrgsOrdererGenesis:
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org3
ChannelAll:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
Capabilities:
<<: *ApplicationCapabilities
Channel12:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
#fama Try to use below-corrected configtx.yaml, I guess the problem with the policy
As you enabled identity classification so make sure you enable NodeOU's
- &Org1
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
# leave this flag set to true.
AnchorPeers:
- Host: peer1.org1.example.com
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 7051
- &Org3
Name: Org3MSP
# ID to load the MSP definition as
ID: Org3MSP
MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org3MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org3MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org3MSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer1.org3.example.com
Port: 7051