I am setting up a single-organization Hyperledger Fabric network. I want to create multiple channels within the organization and restrict access to channels, i.e., peerA has access only on channelA and peerB has access only on channelB.
Can I get some insight on how to create different channels on different peers of the organisation?
Let me explain clearly.
Hyperledger Fabric is consortium-oriented.
The consortium is the high-level entity, and channels and organizations are subsets of the consortium, which means one consortium contains channels and organizations.
One channel can have multiple organizations.
Organizations participate in the channel by joining their peers.
Each channel has a separate ledger.
Coming to your question:
"peerA has access only on channelA and peerB has access only on channelB"
Join peerA of org1 to only channelA.
Join peerB of org1 to only channelB.
"Can I create multiple channels within the organization and restrict access to channels?"
Yes, you can create as many channels as you want.
Below I present the configtx with two channels:
Organizations:
    - &org1
        Name: org1
        ID: org1MSP
        MSPDir: ./data/orgs/org1/msp
        AnchorPeers:
            - Host: org1-peer-org1
              Port: 7051
    - &org2
        Name: org2
        ID: org2MSP
        MSPDir: ./data/orgs/org2/msp
        AnchorPeers:
            - Host: org2-peer-org2
              Port: 7051
Capabilities:
    Global: &ChannelCapabilities
        V1_3: true
    Orderer: &OrdererCapabilities
        V1_1: true
    Application: &ApplicationCapabilities
        V1_3: true
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
Profiles:
    OrgsOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            OrdererType: kafka
            Addresses:
                - org1-orderer-org1:7050
                - org2-orderer-org2:7050
            BatchTimeout: 2s
            BatchSize:
                MaxMessageCount: 56
                AbsoluteMaxBytes: 34 MB
                PreferredMaxBytes: 4354 KB
            Kafka:
                Brokers:
                    - kafka0:9092
                    - kafka1:9092
                    - kafka2:9092
            Organizations:
                - *org1
                - *org2
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            transport:
                Organizations:
                    - *org1
                    - *org2
    # Channel 1: both organizations are members
    OrgsChannel1:
        Consortium: transport
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *org1
                - *org2
            Capabilities:
                <<: *ApplicationCapabilities
    # Channel 2: only org1 is a member
    OrgsChannel2:
        Consortium: transport
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *org1
            Capabilities:
                <<: *ApplicationCapabilities
Related
I am setting up a server composed of two organizations (three later), as shown in the following link: https://hyperledger-fabric.readthedocs.io/en/release-1.4/network/network.html
However, the consortium must not contain the two organizations (Org1 and Org2) but only organization 1 (Org1), as shown in this image: https://imgur.com/a/gcBcINq
In my configtx.yaml file, I set the SampleConsortium value as follows:
Profiles:
    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    # - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
So I define a consortium with a single organization: Org2.
However, when instantiating my channel with the line of code
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
The screen displays an error telling me: Error: got unexpected status: BAD_REQUEST -- Attempted to include a member which is not in the consortium
Do you have an idea to generate my channel by having only one organization in my consortium?
Thank you very much in advance for your answers :)
PS: This is my first project with Hyperledger Fabric, so I am still "new" to this technology. However, it seems to me that there is no indication that a consortium should not have at least 2 organizations.
You have to comment out Org2 in the TwoOrgsChannel profile. Then you will be able to create my channel. Once this is done, you can add Org2 by updating the channel config. For further details, you can refer to the docs: https://hyperledger-fabric.readthedocs.io/en/release-1.4/channel_update_tutorial.html
Thank you very much, your solution worked. However, I can only add the Org1 organization to my channel. If I comment out the Org2 line, I get an error:
Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
While my configtx.yaml file looks like this:
Profiles:
    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                # - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
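The two BAD_REQUEST errors in this thread can be caught before the transaction is submitted. The following pre-flight check is an added example, not code from the posters or from Fabric. The MSP IDs Org1MSP and Org2MSP and the dict layout are constructed, and the signer check assumes the default creation policy, under which an admin of at least one organization listed in the channel must sign.

```python
# Added example: pre-flight check for configtx.yaml channel profiles.
# PROFILES is constructed sample data modelled on the first configuration in
# this thread, written as the dict a YAML loader returns once anchors are
# resolved. The MSP IDs are assumptions; the thread only shows *Org1 / *Org2.
PROFILES = {
    "TwoOrgsOrdererGenesis": {
        "Consortiums": {"SampleConsortium": {"Organizations": ["Org1MSP"]}},
    },
    "TwoOrgsChannel": {
        "Consortium": "SampleConsortium",
        "Application": {"Organizations": ["Org1MSP", "Org2MSP"]},
    },
}


def check_channel_profile(profiles, genesis_name, channel_name, signer_msp):
    """Return the list of problems that would make channel creation fail."""
    consortiums = profiles[genesis_name].get("Consortiums") or {}
    channel = profiles[channel_name]
    wanted = channel.get("Consortium")
    if wanted not in consortiums:
        return [f"consortium {wanted!r} is not defined in {genesis_name}"]

    problems = []
    allowed = set(consortiums[wanted].get("Organizations") or [])
    members = (channel.get("Application") or {}).get("Organizations") or []
    if not members:
        problems.append("channel profile lists no application organizations")
    # Every channel member must already belong to the consortium.
    for org in members:
        if org not in allowed:
            problems.append(f"{org} is not in consortium {wanted!r}")
    # Assumption: default creation policy, so the signer must be an admin of
    # an organization that is listed in the channel itself.
    if members and signer_msp not in members:
        problems.append(f"signer {signer_msp} is not a member of the channel")
    return problems


if __name__ == "__main__":
    for problem in check_channel_profile(
        PROFILES, "TwoOrgsOrdererGenesis", "TwoOrgsChannel", "Org1MSP"
    ):
        print("FAIL:", problem)
```
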
How to add Raft instead of Kafka in the Hyperledger Fabric altoros fabric-supply-chain project?
Here's my configtxtemplate-OneOrg-orderer.yaml file:
---
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    OrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *ORG1
    common:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ORG1
    CHANNEL_NAME:
        Consortium: SampleConsortium
        Application:
            Organizations:
                - *ORG1

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererMSP

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/DOMAIN/msp

    - &ORG1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: ORG1MSP

        # ID to load the MSP definition as
        ID: ORG1MSP

        MSPDir: crypto-config/peerOrganizations/ORG1.DOMAIN/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.ORG1.DOMAIN
              Port: 7051

################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: solo

    Addresses:
        - orderer.DOMAIN:7050

    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 98 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - 127.0.0.1:9092

    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
Can you please check where I'm going wrong and in which files I have to make changes?
I went through the docs on Raft, but I couldn't understand them well, and there is no good source or tutorial that I could go through. If you know any good source or example, then please help.
I see the Hyperledger Fabric community is not as strong as those of blockchains like Bitcoin or Ethereum. I am facing a lot of trouble building an application on it. I would request you to help me with where I can learn best.
You can read the documentation for more details and explanations; the key concepts are:
In order to work with Raft, you need to configure your ordering service to work with TLS.
Change the orderer type to be
OrdererType: etcdraft
You need to set up your consenter set (Raft replicas) by adding the following section to the configuration:
Consenters:
    - Host: raft0.example.com
      Port: 7050
      ClientTLSCert: path/to/ClientTLSCert0
      ServerTLSCert: path/to/ServerTLSCert0
    - Host: raft1.example.com
      Port: 7050
      ClientTLSCert: path/to/ClientTLSCert1
      ServerTLSCert: path/to/ServerTLSCert1
    - Host: raft2.example.com
      Port: 7050
      ClientTLSCert: path/to/ClientTLSCert2
      ServerTLSCert: path/to/ServerTLSCert2
where you provide the configuration to set up your cluster, including TLS certificates for your consenters.
For example, a profile for Raft might look like the following SampleDevModeEtcdRaft profile:
SampleDevModeEtcdRaft:
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
                - Host: raft0.example.com
                  Port: 7050
                  ClientTLSCert: path/to/ClientTLSCert0
                  ServerTLSCert: path/to/ServerTLSCert0
                - Host: raft1.example.com
                  Port: 7050
                  ClientTLSCert: path/to/ClientTLSCert1
                  ServerTLSCert: path/to/ServerTLSCert1
                - Host: raft2.example.com
                  Port: 7050
                  ClientTLSCert: path/to/ClientTLSCert2
                  ServerTLSCert: path/to/ServerTLSCert2
        Organizations:
            - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Application:
        <<: *ApplicationDefaults
        Organizations:
            - <<: *OrdererOrg
    Consortiums:
        SampleConsortium:
            Organizations:
                - *Org1
                - *Org2
I am struggling so hard to write a policy for creating a channel (ChannelCreationPolicy). Here is my configtx.yaml:
---
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: ../crypto-config/ordererOrganizations/orderer-org/msp
    - &ShopOrg
        Name: ShopOrgMSP
        ID: ShopOrgMSP
        MSPDir: ../crypto-config/peerOrganizations/shop-org/msp
        AnchorPeers:
            - Host: shop-peer-0
              Port: 7051
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer0:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
Application: &ApplicationDefaults
    Organizations:
Profiles:
    TwoOrgGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            InsuranceConsortium:
                # ChannelCreationPolicy:
                #     Admins:
                #         Type: Signature
                #         Rule: "OR('ShopOrgMSP.admin')"
                Organizations:
                    - *ShopOrg
    TwoOrgChannel:
        Consortium: InsuranceConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ShopOrg
I tried to put the ChannelCreationPolicy block above in the commented area, but it says: 'Profiles[TwoOrgGenesis].Consortiums[InsuranceConsortium]' has invalid keys: ChannelCreationPolicy
I can't find a place for ChannelCreationPolicy inside that .yaml. So how can I write a policy so that, for example, only ShopOrgMSP admins could create a channel?
Looking at the source for configtxgen, it doesn't look like channel creation policies are supported by the tool. You would need to submit this change as a config update transaction.
Unfortunately, this is a highly non-trivial process, but at least there is an example (for adding an org to a channel) here.
Error from docker logs: Existing config does not contain element for [Groups] /Channel/Application
The configtx.yaml for generating genesis.block
Profiles:
    OrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrgs
        Consortiums:
            SampleConsortium:
                Organizations:
Organizations:
    - &OrdererOrgs
        Name: orderer0
        ID: orderer0
        MSPDir: crypto-config/ordererOrganizations/test.com/msp
        AdminPrincipal: Role.Admin
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer0:7050
    BatchTimeout: 2s
    MaxChannels: 0
Application: &ApplicationDefaults
    Organizations:
The configtx.yaml for generating channel.tx
Profiles:
    OrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *org
Organizations:
    - &org
        Name: org
        ID: org
        MSPDir: crypto-config/peerOrganizations/org.org.com/msp
        AdminPrincipal: Role.Admin
        AnchorPeers:
            - Host: peer0
              Port: 7051
Application: &ApplicationDefaults
    Organizations:
Is this a valid scenario, where we generate genesis.block first [without specifying organization details] and then finally create channel.tx by specifying org details?
Whenever I try to connect a peer to a channel, I receive the following error message:
Error: proposal failed (err: rpc error: code = Unknown desc = chaincode error (status: 500, message: "JoinChain" for chainID = productionChannel failed because of validation of configuration block, because of Invalid configuration block, missing Application configuration group))
I’ve noticed that when I have done the example setups, the genesis block has a section for Application. However, with my current setup, the genesis block does not contain the Application section. Is there a way to instantiate the genesis block with the application embedded or another way to join the peer to the channel?
My configtx.yaml is below:
Profiles:
    OneOrgOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *TestOrg
    OneOrgChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *TestOrg
Organizations:
    - &OrdererOrg
        Name: OrdererMSP
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/test-com/msp
    - &TestOrg
        Name: TestOrgMSP
        ID: TestOrgMSP
        MSPDir: crypto-config/peerOrganizations/testorg-test-com/msp
        AnchorPeers:
            - Host: peer0-testorg-test-com
              Port: 7051
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer-test-com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:
Application: &ApplicationDefaults
    Organizations:
If anyone else runs into this issue, here is what is happening.
I was mistakenly trying to join the peers to the genesis block. The genesis block should not have an application section in it, as it is the system channel. This is created either through using the configtxgen tool from Fabric, or having the Orderer produce it when it is first created.
Then you need to create another channel block, using configtxgen or through the CLI with peer channel create. Then you can issue a peer channel join command using the -b flag for the path of the block.
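The mix-up described in this last answer can be detected before running peer channel join. The following is an added example, not part of the original posts: it classifies a block that has been decoded to JSON with configtxlator proto_decode --type common.Block. The sample blocks and the channel name syschannel are constructed and reduced to the fields the check reads.

```python
import json
import sys


def sample_block(channel_id, groups):
    """Build a constructed block in configtxlator's decoded JSON layout."""
    return {"data": {"data": [{"payload": {
        "header": {"channel_header": {"channel_id": channel_id}},
        "data": {"config": {"channel_group": {"groups": groups}}},
    }}]}}


# Constructed samples: a system-channel genesis block carries Consortiums,
# an application-channel block carries Application.
SYSTEM_GENESIS = sample_block("syschannel", {
    "Orderer": {},
    "Consortiums": {"groups": {"SampleConsortium": {}}},
})
CHANNEL_BLOCK = sample_block("mychannel", {
    "Orderer": {},
    "Application": {"groups": {"TestOrgMSP": {}}},
})


def classify_block(block):
    """Return (channel_id, kind, joinable) for a decoded block."""
    try:
        payload = block["data"]["data"][0]["payload"]
        channel_id = payload["header"]["channel_header"]["channel_id"]
        groups = payload["data"]["config"]["channel_group"]["groups"]
    except (KeyError, IndexError, TypeError):
        # Ordinary transaction blocks have no config section at this path.
        return (None, "not a config block", False)
    if "Application" in groups:
        return (channel_id, "application channel", True)
    if "Consortiums" in groups:
        # Joining a peer with this block yields the
        # "missing Application configuration group" error quoted above.
        return (channel_id, "system channel genesis", False)
    return (channel_id, "unknown", False)


if __name__ == "__main__":
    # Usage: python check_block.py decoded_block.json
    source = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SYSTEM_GENESIS
    print(classify_block(source))
```
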