I want to know polcies without configtx.yaml when hyperledger server is running. Because, I want to test how the permissions change as each layer of policy changes.
Is there any peer command for finding policies?
You should be able to use peer channel fetch config command. Something similar to:
peer channel fetch config myconfig.pb -o <my-orderer-and-port> -c <my-channel-name> --tls --cafile ordercafile.tls
This will return you a Protobuf file (myconfig.pb) and you can decode this into json using the configxlator command (you may need to download this binary as part of the fabric binaries). For example:
configtxlator proto_decode --input myconfig.pb --type common.Block --output ./myconfig.json
This will be a long JSON file but you might be able to use diff between versions and see if your changes have been applied.
Related
I followed the instructions to upgrade chaincode from here. I executed all the steps successfully. I was able to see the committed chaincode information by the command peer lifecycle chaincode querycommitted --channelID mychannel --name mycc. The docker images are also created for new chaincode but the containers were not launched. The chaincode invoke and query commands also give old results.
I also tried deleting the old chaincode from peers and removing old chaincode containers, but it starts the old chaincode containers again when I run chaincode query or invoke command.
I use peer lifecycle chaincode commands in Hyperledger Fabric 2.0 on Ubuntu 16.04.
I solved the issue. The problem was with the value of --package-id option in peer lifecycle chaincode approveformyorg command. I used the approveForMyOrg function in utils.sh file that comes in first-network directory in fabric-samples. The mistake was I passed the PACKAGE_ID from the results of queryInstalled function which had all the installed chaincode packages. I made a following change in the sed command in that function.
PACKAGE_ID=`sed -n "/$CCNAME_$VERSION/{s/^Package ID: //; s/, Label:.*$//; p;}" log.txt`
I'am trying to change the change code for the hyperledger fabric "first-network", I want to put an other one.
Ididn't find where to define it and what to change.
I know that i have to change the name and put the path to the new chaincode, but i didn't find where
You can find that in docker-compose files folder chaincode (fabric-samples/chaincode) is mounted to /opt/gopath/src/github.com/chaincode
and in the script.sh variable CC_SRC_PATH is set to github.com/chaincode/chaincode_example02/go/ , so if you want to use your own chaincode in the first-network solution you should put it to folder chaincode and set up CC_SRC_PATH
this varibles is used in utils.sh file
peer chaincode install -n mycc -v ${VERSION} -l ${LANGUAGE} -p ${CC_SRC_PATH} >&log.txt
I have setup a hyperledger fabric network with 1 orderer node, but don't know how to add more orderer node to a running production hyperledger network.
Any help would be appreciated, thanks.
Firstly, your network ordering service has to be setup as a Kafka one, not solo. You can do this in your configtx.yaml file under OrdererType. You will then also have to create kafka brokers, zookeepers and configure all that. If you are not familiar with this, I found experimenting and studying this repo https://github.com/keenkit/fabric-sample-with-kafka very helpful.
Assuming you have a working network with a Kafka Ordering Service, adding an extra orderer is done via a channel update, which is very similar to adding a new org. There are quite a few steps involved but they are all listed and explained here http://hyperledger-fabric.readthedocs.io/en/release-1.1/channel_update_tutorial.html. I would recommend you understand how adding an org works first, but if you feel comfortable then the only differences for adding an orderer are:
obviously there is no need to create new org crypto materials but you will need the crypto materials for another orderer
instead of running the command jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json which adds the new org crypto material to the network, open the json file and look for "OrdererAddresses". There should be an array of orderers there under another tag "addresses". Add your orderer here and just save the file as modified_config.json. You can then just run the same commands moving forward.
when you sign the envelope using peer channel signconfigtx -f org3_update_in_envelope.pb bootstrap your CLI with an active orderer and use the OrdererMSP as otherwise the orderer will reject your transaction. Organisation MSP's, which are used for adding new orgs, will not work.
To help troubleshoot, I found it easier to initially spin up the 2 Orderer setup that the github repo above creates and then test removing 1 orderer, followed by adding it back in. After that experiment further with adding a 3rd.
Just as a side note you can find all the other things that can be changed with a channel update here: http://hyperledger-fabric.readthedocs.io/en/release-1.1/config_update.html. Click "Click here to see the config" to see an example of the json config (Note: the example is a solo not a Kafka).
Step by step (as requested):
In crypto-config under OrdererOrgs: Specs: create a new hostname for your orderer (using the same domain and name as your other).
Run the command cryptogen extend --config=./crypto-config.yaml NOTE: the 'extend' part so it generates what you need and not regenerate everything.
Spin up a new orderer container that is essentially identical to another orderer except the crypto volumes point to the new crypto generate in step 2, (and perhaps different port depending on your setup). You may notice at this point it is connected to the kafka brokers and has your channel and blocks because it is using the same genesis block. What needs to be done though is the network needs to be made aware of the address of this new orderer.
docker exec -it cli bash into your CLI container and bootstrap it with an active orderer information as you will need the OrdererMSP to sign off this change.
Bootstrap e.g. (yours might be different): CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin#example.com/msp
CORE_PEER_ADDRESS=orderer0.example.com:7050
CORE_PEER_LOCALMSPID=OrdererMSP
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CHANNEL_NAME=mychannel
install jq in the CLI container to convert blocks to json and back apt update && apt install -y jq
fetch the latest config block peer channel fetch config config_block.pb -o orderer0.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
convert to json and trim headers configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
open the json file look for "OrdererAddresses" and under that heading there should be another tag "addresses". Add the new IP and PORT for the new orderer in that array. Save the change as modified_config.json
covert json form step 7 to block configtxlator proto_encode --input config.json --type common.Config --output config.pb
convert json from step 8 to block configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
calculate the delta between block in step 9 and 10 configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb
change the delta back to json configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
wrap the json in a header echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
convert it back to block configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb
Since you are bootstrap as an active orderer you can just submit it, as the submitting party gives you a free signature and its the only one you need peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
Once your peers get this new block, they now know the address of the new orderer and can contact it.
Adding on to Antonio's answer, you will then need to volume the genesis block of the system channel into your new orderer.
you can obtain it by fetching it from the existing orderer and selecting the channel name to be testchainid(default name)
I'm trying to a tutorial of hyperledger fabric on Mac. (http://hyperledger-fabric.readthedocs.io/en/latest/build_network.html#create-join-channel)
At 'Create & Join Channel' part, I have 2 questions.
1.I typed export CHANNEL_NAME=mychannel, but there is apparently no change. What does this command mean?
2.And later, I typedpeer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem , the following error occurred. What if I do, the problem will be resolved?(There seems to be no such directory, so do I have to create? )
[main] main -> ERRO 001 Cannot run peer because cannot init crypto, missing /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp folder
Accordingly, I use Mac and installed all of the guided resources yesterday or day before yesterday, so I think resource version is correct.
I'd appreciate if you could answer these questions.
Question 1: export CHANNEL_NAME=mychannel Sets the CHANNEL_NAME variable to "mychannel".
Following that tutorial you linked, this just sets the variable ($CHANNEL_NAME) they have in their command:
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME
However, you are right when you say changing that does nothing because you have hardcoded "mychannel" in your peer channel create command. Both your way and the tutorial way will have the same end result.
Question 2: The directory below points to where the peer certificates for the MSP are supposed to be, in your example. These files are generated with the ../bin/cryptogen generate --config=./crypto-config.yaml command from the tutorial. The error message is saying that the peer is unable to start due to that directory not existing, or containing the needed certs. I would ensure the peer container has those certs in that location, one way would be to Docker exec into it.
/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
I'm trying to run the Hyperledger Fabric network, which consists of a single orderer, a single peer, and a cli. To learn the procedure of launching Hyperledger Fabric network, from creating crypto-related artifacts to running cli as a docker container, I execute them one by one.
Everything is okay, but when I try to instantiate the installed chaincode, the peer produces channel [reputationch]: MSP error: channel doesn't exist (reputationch is my channel name) and the instantiation has been failed.
(Check the below screenshot)
I'm not sure that this warning on the peer node causes the failure of the instantiation of chaincode, but I guess it is the reason.
My crypto-config.yaml and configtx.yaml are like below. They are nothing special because I just modified some names based on the official example.
crytp-config.yaml and configtx.yaml
And the script to create crypto-related artifacts based on the above yaml files is:
script to create crypto-related artifacts
My running scripts to launch an orderer, a peer, and a cli are like below. It calls docker commands.
running scripts to launch an orderer, a peer, and a cli
After I launch a cli, I connect the cli using docker exec -it cli bash. Then, I run three commands, which work well without an error or a warning:
peer channel create -o orderer.operator.com:7050 -c reputationch -f ./channel-artifacts/reputation-channel.tx
peer channel update -o orderer.operator.com:7050 -c reputationch -f ./channel-artifacts/Company1anchors.tx
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/
Then, the following command is failed.
peer chaincode instantiate -o orderer.operator.com:7050 -C reputationch -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('Company1MSP.peer')"
My version information is:
macOS: macOS High Sierra 10.13.3
Go: 1.10
Docker: Version 18.03.0-ce-mac59 (23608)
Hyperledger Fabric: 1.1
cryptogen: 1.1.0
configtxgen: 1.1.0
Any kind of comment or help will be very great for me. Thanks.
Basically you also need your peers to join your channels. Which it seems like you are not doing here. If your peers do not join any channel, you will be getting this error. Make sure that your peers join channel before installing chaincode.
peer channel join -b $CHANNEL_NAME.block