I am trying to modify the balance-transfer example of hyperledger fabric to use with different org and domain instead of Org1.example.com. but when trying to enroll new user I am getting below error.
Failed to get registered user: Jim with error: Error: Enrollment
failed with errors [[{"code":20,"message":"Authentication failure"}]]
when checked the ca docker logs it shows below error.
POST /api/v1/enroll 401 23 "Failed to get user: : scode: 404, code:
63, msg: Failed to get User: sql: no rows in result set".
I had a similar problem that I fixed by going back to the config.json and undoing some of the changes I had made. Specifically keeping "Org1": and "Org2": instead of replacing them with my specific organization names.
Related
Trying to add a new organisation from a separate host.(Modifying steps from ./eyfn.sh when necessary).
Managed to create and import network admin card using Hyperledger Composer. (https://medium.com/#mahoney_33893/hyperledger-composer-adding-another-organization-to-an-existing-running-multi-organization-fff5c8104a82).
However when pinging the network I got:
Error: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org [Org3MSP]
Upon getting the logs from peer I got
-Principal deserialization failure (MSP Org3MSP is unknown) for identity
-[channel: composerchannel] Client authorization revoked for deliver request from 10.0.1.6:48262: Failed evaluating policy on signed data during check policy on channel [composerchannel] with policy [/Channel/Application/Readers]: [Failed to reach implicit threshold of 1 sub-policies, required 1 remaining]
My problem is actually similar to that of Hyperledger-Composer: Getting "access denied" when pinging network admin card.
The solution did mention to include msp files of my new org into volumes of the orderer which I did as
docker cp msp <containername>:/etc/hyperledger/msp/peerOrganizations/org3.example.com
My first organisation was set up using the default ./startFabric.sh
Take note that im not using TLS for the time being.
The error still persist though and Im wondering why. I do however suspect that the way im giving msp to the orderer is somehow wrong. or Im putting it in a wrong file.
Maybe you will need to migrate from Composer to other framework.
Hundreds of devs are taking is using Convector. Convector is a Hyperledger Labs project that was created before Hyperledger Composer was deprecated but that looks similar to developers. It follows a model controller pattern (similar to Composer assets and transactions) however it compiles natively to Fabric code and does not create a runtime.
I am able to invoke my chaincode from docker cli successfully (fabric-shim).
i ran enrollAdmin.js and registerUser.js sucessfully,
but when i try to run invoke.js or query.js, i get Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP].
Though there are limited information shows above, the peer log give the essential hint about the problem:
WARN 044 channel [mychannel]: MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com"
Here is the suggestions that may help your to solve this problem:
Change your peer's logging level to DEBUG on docker-compose file, you will be more easily to find the solution followed by the debug information.
Make sure your CA container is running and its logs not throws out error, like some certifications verify error, which commonly causes by wrong configuration.
Now that the logs shows up some information about x509 ECDSA, which related to the signature and and the peers endorsement keycert. Also, this keycerts may storage on /tmp/hfc-key-store or any other place that you defined on you code. Try to clean up this temporary file and restart network again.
Noticed that your are using the fabric-sample repo, I think this problem may not caused by some code issues since you just modified a few parameters. So I recommend you to follow this tutorial to get the right step.
I came across similar issue.
I found out then channel name in network config and the channel I created was different. So I changed the channel name in the network config and it got fixed.
According to hyperledger-fabric node-sdk documentation both functions
'queryChannels' and 'queryInstalledChaincodes' must be called by admin. I am
able to access 'queryChannels'(both from the Client class) but on accessing
queryInstalledChaincodes, an error occurs saying :
(status: 500, message: Authorization for GETINSTALLEDCHAINCODES on channel getinstalledchaincodes has been denied with error Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin])
Can somebody propose a solution? Thanks in advance.
Well this is sample, you should find out which identity you are using for the client.
The problem is your fabric ACL policy(which is in the configtx.yaml) has set the chaincode area to a Admin access.
Which means you should use the admin identity to call the queryInstalledChaincodes function.
Further infos please check this page:
https://hyperledger-fabric.readthedocs.io/en/release-1.4/access_control.html#what-is-an-access-control-list
Also this question has been asked 1 year, 6 months ago, so I bet you have worked it out on your own, congrats!
I am not able to start a composer-rest-server without a network admin card.
When I tried a normal user card, it generates the following error:
Connection fails: Error: 2 UNKNOWN: error executing chaincode:
transaction returned with failure:
AccessException: Participant 'com.tuzz.agloan.Dccb#dccb1' does not have 'READ' access to resource 'org.hyperledger.composer.system.Network#aloan#0.0.2-deploy.17'
You can try adding a rule that gives the participant access to the network.
in .acl file, add this rule then update the network and start the REST server
rule Rule1 {
description: "Grant access to the network"
participant: "com.tuzz.agloan.Dccb"
operation: READ
resource: "org.hyperledger.composer.system.Network"
action: ALLOW
}
For more details, you can refer Granting network access control section in ACL reference
I have been following this Tutorial and I am able to complete it. I issue a new identity, to an existing participant and I create a business card for this identity with the following command:
composer identity issue --card admin#tutorial-network -f usr001#tutorial-network.card -u usr001 -a "resource:org.acme.biznet.Trader#usr001" -x true
Then, I import that business card via POST /wallet/import and I am able to call different REST API operations. After that, I stop the composer-rest-server and after a few minutes I start the composer-rest-server again with the command composer-rest-server -c admin#tutorial-network -m true -a true
Then, I authenticate to the REST API using the configured authentication mechanism (in this case passport-github strategy) and if I try to call one operation fro REST API it throws a A business network card has not been specified error message, then I import the previous business card via POST /wallet/import getting a no content which is supposed to be correct.
Finally, when I try to call another REST API operation I get the following error:
{
"error": {
"statusCode": 500,
"name": "Error",
"message": "Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity has not been registered: usr001)",
"stack": "Error: Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity has not been registered: usr001)\n at _checkRuntimeVersions.then.catch (/home/username/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:679:34)\n at <anonymous>"
}
}
This is the main issue, I don't know why my identity is not being recongized by the REST API if I used it previously to call some operations.
the problem is one of persistence as captured here -> https://hyperledger.github.io/composer/v0.16/integrating/enabling-multiuser.html and the link for persisting identities (ie instructions) is captured here -> https://hyperledger.github.io/composer/v0.16/integrating/deploying-the-rest-server.html
All user information is persisted in a LoopBack data source by using a LoopBack connector. By default, the REST server uses the LoopBack "memory" connector to persist user information, which is lost when the REST server is terminated. The REST server should be configured with a LoopBack connector that stores data in a highly available data source, for example a database.