I have doubt on creating the peer, where to configure, peer is endoser or Anchor.Lets say, After defining the peer of any-type,Is it possible to update peer type, from endoser to anchor viceversa.
Only peers with chaincode installed can act as endorser, in order to make a node endorser install the chaincode otherwise it'll be simple verify node.
for Anchor peers you need to provide in channel def.
example:
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile tlsca.example.com-cert.pem
Fabric provide three types of peer:
endorser , anchor and simple peer(verify).
endorser peer: peer on which chaincode is installed is called endorser peer.this peer is used to execute smart contract ad return result to client application. client app select that result which is return same from most endorsers.
Anchor peer: this peer is used when peer from one org need to communicate with other org.
for example:
org1 need to communicate with org2. now communication will be done between anchor peer of org1 and org2.
As you asked in comment peer can act as anchor or endorser peer at same time. Example : you can find it in byfn example. where peer0.org1.example.com is anchor as well as endorser.
Related
I'm able to follow https://hyperledger-fabric.readthedocs.io/en/release-2.2/test_network.html
$ peer chaincode invoke ... -c '{"function":"InitLedger","Args":[]}'
2021-08-23 17:52:59.534 PST [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
I leanred peer chaincode list can list chaincodes, but the following commands don't give expected result.
$ peer chaincode list -C mychannel --installed
Get installed chaincodes on peer:
$ peer chaincode list -C mychannel --instantiated
Get instantiated chaincodes on channel mychannel:
Given I've successfully deployed the basic chaincode, how do I see it through peer chaincode list?
I think issue, will be with the path that is getting set. Make sure to export the following peer path where chaincode is installed :-
FABRIC_LOGGING_SPEC
CORE_PEER_MSPCONFIGPATH
CORE_PEER_LISTENADDRESS
CORE_PEER_LOCALMSPDIR
If tls is enabled, export the following path along with the paths above
CORE_PEER_TLS_ENABLED
CORE_PEER_TLS_KEY_FILE
CORE_PEER_TLS_CERT_FILE
CORE_PEER_TLS_ROOTCERT_FILE
And then try the commands
peer chaincode list --installed
peer chaincode list --instantiated -C mychannel
If you want to just view the installed chaincode below is the command for the HLF2.2x
peer lifecycle chaincode queryinstalled --peerAddresses localhost:7051
--tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE
If you want to view the commited chaincode list below is the command
peer lifecycle chaincode querycommitted --channelID channelName
in HLF2.2x chaincode lifecycle is introduced. So if you want to execute chaincode you need to approve and commit after installed on peer.
I've brought up an etcdraft based orderer cluster with 3 nodes and no peer nodes are deployed for now. And now I want to modify the orderer cluster like removing or adding members. Instructions I've found require firstly fetching the current config with the 'peer channel fetch config' command.
My question is how I can do to fetch the current system channel config with 'peer channel fetch config' command before/without any peer up and running, or is there any other way to achieve this.
fabric version: 1.4.4
You need to invoke it against an orderer since you also need to do this for the system channel, and peers don't have the system channel in them.
Use something like:
peer channel fetch config mychannel.block -c mychannel --orderer orderer.example.com:7050 --cafile ca.crt
I am using Hyperledger Fabric version 1.2. I have created a channel with 1 orderer and 10 peer nodes, all belonging to the same organisation. I want to instantiate the chaincode with the endorsement policy such that all the peers of ORG1 are the endorsing peer, not just 1. What is the valid expression for the same?
Currently using the following policy:
docker exec -e "CORE_PEER_ADDRESS=peer0.org1.example.com:7051" cli peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n chainname -v 1.0 -c '{"Args":[""]}' -P "AND('Org1MSP.member')"
Fabric documentation contains examples of including peers from different organisations.
This can be achived while invoking the chaincode. You have to pass the peer addresses of all the peer nodes who you want to act as endorsing peers
peer chaincode invoke -o orderer0.abc.com:7050 -C abcchannel -n fabcar --peerAddresses peer0.org1.example.com:7051 --peerAddresses peer1.org1.example.com:7051 -c '{"Args":["initLedger"]}'
Unfortunately! there no valid command for that, you can follow two steps if you want to achieve this:
Write your own custom endorsement logic by a plugin. This method is little cumbersome and you can follow this link if you want to do that. Pluggable endorsement and validation logic
Or, you can have an alternate solution by creating 10 Orgs with 1 peer each and define the endorsement policy through the command that you want as:
-P "OutOf(10, 'Org1.peer', 'Org2.peer', ...., 'Org10.peer')"
But, having all the peers as an endorsing peer is never a good idea as if a peer goes down, you will have to face serious problems as no transaction will be committed
I have a multi-org network fabric network up and running from different hosts.
The docker containers for the peers have TLS enabled. The build configuration of the peer:
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
While creating and joining the channel I followed byfn docs and did not supply the TLS cert/file of the peer while joining the channel. All the peers were able to join the channel.
However, when I tried to fetch the newest block using peer channel fetch newest -o orderer.example.com:7050 -c examplechannel, I got the error:
Serve failed to complete security handshake from "ip:43402": tls: first record does not look like a TLS handshake
Further, I referred this doc on TLS and this doc
on passing TLS certs of the peer with the above fetch command:
peer channel fetch newest -o orderer.example.com:7050 -c examplechannel --tls --certfile $CORE_PEER_TLS_CERT_FILE --keyfile $CORE_PEER_TLS_KEY_FILE --cafile $CORE_PEER_TLS_ROOTCERT_FILE
This gave a new error:
grpc: Server.Serve failed to complete security handshake from "ip:43496": remote error: tls: bad certificate
Debugging TLS issues doc states that this happens when the server does not trust the client certificate. So in my case, I infer that the orderer is not trusting the certificate that the peer is passing.
So
Does it mean that I was supposed to pass TLS_CERT, TLS_KEY and TLS_ROOT cert while proposing a channel join from this peer?
If #1 is true, can I pass these certificates without bringing down the network and rejoining the channel with certs?
While creating the channel, it uses orderer's ca-cert. Also, when submitting anchor peer transaction, it uses orderer's ca cert? So am I supposed to use Orderer's ca cert for peer fetch command as well?
If #3 is true, then in a production environment, do we need to build up the peer containers such that it contains orderer's ca-cert?
There are multiple concepts baked into your questions. It's important to understand that there is a difference between using the peer to run a peer node--peer node start-- and using the peer as a CLI (e.g. peer channel fetch).
When the peer is running as a server, there's no need to pass in crypto material for the channels as the peer actually extracts the required TLS certificate information from the config block passed in the peer channel join ... command.
When the peer is running in CLI mode, you do need to provide the the TLS certificate information to connect to the various endpoints. When communicating with peers, this information is extracted from the peer config (either in core.yaml or from the corresponding CORE_ environment variables). When communicating with the orderer, there are specific command line flags for setting the TLS material.
How do I join members on a channel configured on another computer?
On one computer, I joined the channel through the consortium definition and authentication process.
I do not know how to access channel B of B computer from Peer of computer A. I would be grateful if you could give me specific instructions on how to access the channel from another computer.
Computer A: Once you create the channel, you have the genesis block. You need the genesis block to join the channel.
Computer B: When you have the genesis block, you should execute the following commands:
peer channel join -b mychannel.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile tlsca.example.com-cert.pem
In the channel configuration you should define both Peers