I'm trying to create a channel with the Fabric SDK node.js. When I create the channel through the bash commands, I have no problems (you can see the code below), but when I use the node.js SDK I got some errors.
I am using TLS and client authentication. I can't realize what the error means and how to solve it. Any help will be greatly appreciated.
Node JS code to create Channel, it was executed in host machine:
var Fabric_Client = require('fabric-client');
var fs=require('fs');
var fabric_client = new Fabric_Client();
// Obtain tls cert and key from client.
let clientcert = fs.readFileSync('/home/rosalva40/Documentos/Own2/Own/data/tls/peer1-org1-cli-client.crt');
let clientkey = fs.readFileSync('/home/rosalva40/Documentos/Own2/Own/data/tls/peer1-org1-cli-client.key');
fabric_client.setTlsClientCertAndKey(clientcert.toString(),clientkey.toString())
//Orderer configuration
let pem1 = fs.readFileSync('/home/rosalva40/Documentos/Own2/Own/data/org0-ca-chain.pem');
const connectionopts = {
pem: pem1.toString()
};
var order = fabric_client.newOrderer('grpcs://localhost:9101', connectionopts)
//setup identity admin
let cert = fs.readFileSync('/home/rosalva40/Documentos/Own2/Own/data/orgs/org1/admin/msp/signcerts/cert.pem');
let pk = fs.readFileSync('/home/rosalva40/Documentos/Own2/Own/data/orgs/org1/admin/msp/keystore/b17b8a06b4928a037e621cc784cac4f8a4913087c95c68162ecae6189993a1fa_sk');
const mspid = 'org1MSP';
fabric_client.setAdminSigningIdentity(pk, cert, mspid);
// Setup create channel
var chanelName = 'mychannel';
const envelope = fs.readFileSync('/home/rosalva40/Documentos/Own2/Own/data/channel.tx');
channelConfig = fabric_client.extractChannelConfig(envelope);
signature = fabric_client.signChannelConfig(channelConfig);
const request = {
name: chanelName,
orderer: order,
config: channelConfig,
signatures : [signature],
txId : fabric_client.newTransactionID(true)
};
//Create chanel
fabric_client.createChannel(request);
When I run createChannel.js, I get the following error in the console:
2019-01-17T14:30:42.278Z - error: [Remote.js]: Error: Failed to
connect before the deadline URL:grpcs://localhost:9101
2019-01-17T14:30:42.283Z - error: [Orderer.js]: Orderer
grpcs://localhost:9101 has an error Error: Failed to connect before
the deadline URL:grpcs://localhost:9101 (node:31051)
UnhandledPromiseRejectionWarning: Error: Failed to connect before the
deadline URL:grpcs://localhost:9101
at checkState (/home/rosalva40/fabric-samples/vote/node_modules/fabric-client/node_modules/grpc/src/client.js:720:16)
(node:31051) UnhandledPromiseRejectionWarning: Unhandled promise
rejection. This error originated either by throwing inside of an async
function without a catch block, or by rejecting a promise which was
not handled with .catch(). (rejection id: 2) (node:31051) [DEP0018]
DeprecationWarning: Unhandled promise rejections are deprecated. In
the future, promise rejections that are not handled will terminate the
Node.js process with a non-zero exit code.
And this is the orderer node log:
2019-01-17 16:08:40.977 UTC [grpc] Println -> DEBU 13a grpc:
Server.Serve failed to create ServerTransport: connection error: desc
= "transport: http2Server.HandleStreams failed to receive the preface from client: EOF" 2019-01-17 16:08:41.987 UTC [grpc] Println -> DEBU
13b grpc: Server.Serve failed to create ServerTransport: connection
error: desc = "transport: http2Server.HandleStreams failed to receive
the preface from client: EOF" 2019-01-17 16:08:43.572 UTC [grpc]
Println -> DEBU 13c grpc: Server.Serve failed to create
ServerTransport: connection error: desc = "transport:
http2Server.HandleStreams failed to receive the preface from client:
EOF"
This is the bash code executed in a container:
DATA=data
CHANNEL_TX_FILE=/$DATA/channel.tx
CHANNEL_NAME=mychannel
# ORDERER CONNECTION ARGUMENTS
ORDERER_HOST=orderer1-org0
ORDERER_PORT_INT=7050
INT_CA_CHAINFILE=/${DATA}/org0-ca-chain.pem
ORDERER_PORT_ARGS="-o $ORDERER_HOST:$ORDERER_PORT_INT --tls --cafile $INT_CA_CHAINFILE --clientauth"
export CORE_PEER_TLS_CLIENTCERT_FILE=/$DATA/tls/peer1-org1-cli-client.crt
export CORE_PEER_TLS_CLIENTKEY_FILE=/$DATA/tls/peer1-org1-cli-client.key
ORDERER_CONN_ARGS="$ORDERER_PORT_ARGS --keyfile $CORE_PEER_TLS_CLIENTKEY_FILE --certfile $CORE_PEER_TLS_CLIENTCERT_FILE"
#ORGANIZATION ADMIN ENVIROMENT ARGUMENTS
ORG_ADMIN_HOME=/${DATA}/orgs/org1/admin
export CORE_PEER_MSPCONFIGPATH=$ORG_ADMIN_HOME/msp
export CORE_PEER_LOCALMSPID=org1MSP
#CHANNEL CREATE COMMAND
peer channel create --logging-level=DEBUG -c $CHANNEL_NAME -f $CHANNEL_TX_FILE $ORDERER_CONN_ARGS
Its seems like the app has problems to connect to the orderer. Try using this method:
var Client = require('fabric-client');
var Channel = require('fabric-client').Channel;
const fs = require('fs');
var client = Client.loadFromConfig("config/configfile.yaml");
/**
* #param {String} channelName Channel name used in configtxgen to create the channel transaction (mychannel)
* #param {String} channelConfigPath Path of the channel transaction (/home/root/channel-artifacts/channel.tx)
* #param {String} orderer Orderer name (orderer.example.com)
* #description Create channel
*/
async createChannel(channelName,orderer, channelConfigPath) {
var envelope = fs.readFileSync(channelConfigPath);
var channelConfig = client.extractChannelConfig(envelope);
let signature = client.signChannelConfig(channelConfig);
let request = {
config: channelConfig,
orderer: client.getOrderer(orderer),
signatures: [signature],
name: channelName,
txId: client.newTransactionID(true)
};
const result = await client.createChannel(request)
return result;
}
You can check the structure of the configfile.yaml in this link.
Dont forget to set the client header in your configfile.yaml
Related
I am facing this problem, below is the exact error:
Error: instantiation policy violation: signature set did not satisfy policy
at self._endorserClient.processProposal
(/home/ubuntu/node_modules/fabric-client/lib/Peer.js:144:36)
at Object.onReceiveStatus
(/home/ubuntu/node_modules/grpc/src/client_interceptors.js:1212:9)
at InterceptingListener._callNext
(/home/ubuntu/node_modules/grpc/src/client_interceptors.js:568:42)
at InterceptingListener.onReceiveStatus
(/home/ubuntu/node_modules/grpc/src/client_interceptors.js:618:8)
at callback
(/home/ubuntu/node_modules/grpc/src/client_interceptors.js:847:24)
Here's my code, helper is the connection profile object of yaml.
var client = await helper.getClientForOrg(orgName, username);
var channel = client.getChannel(channelName);
var txId = client.newTransactionID(true);
var params = {
targets: peerNames,
chaincodePath: chaincodePath,
chaincodeId: chaincodeName,
chaincodeVersion: chaincodeVersion,
chaincodeType: "node",
channelNames: channelName
}
var deployResponse = await client.installChaincode(params);
console.log(deployResponse);
// send proposal to endorsing peers
var request = {
targets: peerNames,
chaincodeType: 'node',
chaincodeId: chaincodeName,
chaincodeVersion: chaincodeVersion,
txId: txId,
fcn: 'instantiate',
args: args
}
let results = await channel.sendUpgradeProposal(request);
console.log(results);
This is the example of classic one member & one peer Fabric BlockChain (AWS managed) where using fabric-client library we are able to invoke chaincode and do the query as well. And it's working with any deployed chaincode. However if we try to instantiate / update a chain code using sendUpgradeProposal() method or sendInstantiateProposal() it's giving permission error, mentioned on the post. However installChaincode() method working fine.
I am trying to add a new Org to an existing Hyperledger fabric network.
The initial network is created by the byfn.sh script that stands up an Orderer and Org1 & Org2.
I have followed this example on Medium.com to create the update protobuf file. Everything that requires configtxgen, cryptogen and configtxlator is done as per this example. However, when it comes to executing the command peer channel signconfigtx -f org3_update_in_envelope.pb, I would like to do that using the Fabric Node SDK.
A point to note here is that if I execute the peer channel ... commands from the cli container command line, the channel update goes through, so I know that the file org3_update_in_envelope.pb is not corrupted.
Using this tutorial and some guidance from this question, I have the following code:
let envelope_pb_file_name = '/tmp/' + json.msp + '_update_in_envelope.pb'; // the pb file we create using command line
let envelope_bytes = fs.readFileSync(envelope_pb_file_name);
if (envelope_bytes === undefined) {
throw new Error(`Could not read the protobuffer file ${envelope_pb_file_name}. Error`);
}
// have the nodeSDK extract out the config update
let config_update = client.extractChannelConfig(envelope_bytes);
let signature = client.signChannelConfig(config_update);
let signatures = [];
signatures.push(signature);
//let orderers = this.loanNetwork.getChannel().getOrderers();
let orderer, ordererName = "orderer.example.com:7050";
const ORDERER_URL = 'grpcs://localhost:7050';
const data = fs.readFileSync(SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem').toString();
orderer = client.newOrderer(ORDERER_URL,
{
'pem': Buffer.from(data).toString(),
'ssl-target-name-override': 'orderer.example.com'
});
let mspId = client.getMspid(); // mspId shows "OrdererMSP" after this call is executed
const keyPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/keystore';
let keyFile, keyFileAry = fs.readdirSync(keyPath).filter(fn => fn.endsWith('_sk'));
for (let f of keyFileAry) {
keyFile = f;
break;
}
keyFile = path.join(keyPath,keyFile);
const keyPEM = fs.readFileSync(keyFile).toString();
const certPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/signcerts';
let certFile, certFileAry = fs.readdirSync(certPath).filter(fn => fn.endsWith('.pem'));
for (let f of certFileAry) {
certFile = f;
break;
}
certFile = path.join(certPath,certFile);
const certPEM = fs.readFileSync(certFile).toString();
client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP");
if (orderer === undefined) {
throw new Error(`Could not find an orderer associated with channel ${orgJSON.channel}. Error.`)
}
let tx_id = client.newTransactionID();
let request = {
config: config_update, //the binary config
// envelope: envelope_bytes,
signatures: signatures, // the collected signatures
name: orgJSON.channel, // the channel name
orderer: orderer, //the orderer from above
txId: tx_id //the generated transaction id
};
let addOrgResult = await client.updateChannel(request);
addOrgResult variable shows the following error:
info: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
status: FORBIDDEN
Orderer logs show this:
2020-01-17 21:49:21.620 UTC [cauthdsl] deduplicate -> ERRO 057 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 058 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 059 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [orderer.common.broadcast] ProcessMessage -> WARN 05a [channel: mychannel] Rejecting broadcast of config message from 192.168.208.1:56556 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
Going through Nikhil Gupta's helpful response to this question, it appears that this error is due to
The error before the policy warning, ERRO 021 Principal
deserialization failure (MSP SampleOrg is unknown) for identity 0,
indicates that the MSP ID that was passed as a parameter with the
request was not recognized by the ordering service. This could be a
result of passing the wrong MSP ID to the command. This error may also
indicate that your organization has not joined the consortium hosted
by the ordering service system channel. If you are updating an
application channel, this error could occur if your organization is
not yet a member of the channel you are trying to update.
However, I am not sure how to proceed because I have connected to the network (Gateway.connect) using the Admin#example.com identity. Additionally, I am also calling client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP"); before making the update.
Any help would be greatly appreciated. Thank you.
The default policy for updating a channel requires a majority, which in your case means you will need signatures from both Org1 admin and Org2 admin and then either Org1 or Org2 can send the actual config update to the orderer.
This means that you need to run
let config_update = client.extractChannelConfig(envelope_bytes);
let signature = client.signChannelConfig(config_update);
let signatures = [];
signatures.push(signature);
as both an Org1 admin and an Org2 admin.
You can then submit the transaction to the orderer as either an Org1 admin or an Org2 admin (but not as the Orderer admin).
Getting below gRPC error when tls is enabled and tried to send transaction proposal to peer.
Taken reference code from here: https://developer.ibm.com/tutorials/hyperledger-fabric-java-sdk-for-tls-enabled-fabric-network/
I have enabled TLS on all peers and on overall network. I tried by giving certificate/pem string directly also in code. But, same exception.
What I am missing here? I am running client application from Eclipse directly.
Thank you in advance.
------------------------- Code starts ---------------
HFClient hfClient = HFClient.createNewInstance();
hfClient.setCryptoSuite(cryptoSuite);
hfClient.setUserContext(admin_registar);
String peer_name = "peer0.org1.example.com";
String peer_url = "grpcs://localhost:7051"; // Ensure that port is of peer1
String peerTLSCertFileName = "crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"; ***// Taking TLS certitifcate***
Properties peerProperties = new Properties();
peerProperties.setProperty("pemFile", peerCertFile.getAbsolutePath());
peerProperties.setProperty("allowAllHostNames", "true");
Path peerPath = Paths.get(peerTLSCertFileName); ;
peerProperties.put("pemBytes", Files.readAllBytes(peerPath));
**peerProperties.setProperty("sslProvider", "openSSL"); // SETTING TLS properties
peerProperties.setProperty("negotiationType", "TLS"); // SETTING TLS properties**
Peer peer = hfClient.newPeer(peer_name, peer_url, peerProperties);
<< --- Similar code to add Orderer to HFClient --->>
Channel channel = hfClient.newChannel("mychannel");
channel.addPeer(peer);
channel.addOrderer(orderer);
channel.initialize();
TransactionProposalRequest request = hfClient.newTransactionProposalRequest();
String cc = "fabcar"; // Chaincode name
ChaincodeID ccid = ChaincodeID.newBuilder().setName(cc).build();
request.setChaincodeID(ccid);
request.setFcn("createCar"); // Chaincode invoke funtion name
String[] arguments = {"CAR11", "VgW", "Poglo", "Ggrey", "Margy"}; // Arguments that Chaincode function takes
request.setArgs(arguments);
request.setProposalWaitTime(3000);
**Collection<ProposalResponse> responses = channel.sendTransactionProposal(request); // this is line throwing exception**
------------------------- Code ends ---------------
Below exception is at last line of code above:
Exception in thread "main" org.hyperledger.fabric.sdk.exception.ProposalException: org.hyperledger.fabric.sdk.exception.TransactionException: org.hyperledger.fabric.sdk.exception.ProposalException: getConfigBlock for channel mychannel failed with peer peer0.org1.example.com. Status FAILURE, details: Channel Channel{id: 3, name: mychannel} Sending proposal with transaction: 353dde2899c1993b9e643ac32b7b9c27ae4eeda1aaa17bc13f1c35f91795a9f7 to Peer{ id: 1, name: peer0.org1.example.com, channelName: mychannel, url: grpcs://localhost:7051} failed because of: gRPC failure=Status{code=UNAVAILABLE, description=io exception
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0], cause=javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at
I was getting this issue when I had not run the CreateChannel command.
java -cp blockchain-client.jar org.example.network.CreateChannel
I successfully installed and instantiated chaincode on my chain. I'm able to enroll the admin and register a user trough nodejs. If I query the chaincode it only returns a correct response around 3 out of 5 times. The rest throws errors that the chaincode can't be found.
The chaincode installed is the basic example from the fabric samples.
My js file to query the chaincode (based on the fabcar example):
/*
* SPDX-License-Identifier: Apache-2.0
*/
'use strict';
const { FileSystemWallet, Gateway } = require('fabric-network');
const path = require('path');
const ccpPath = path.resolve(__dirname, 'connection-org1.json');
async function main() {
try {
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const userExists = await wallet.exists('user1');
if (!userExists) {
console.log('An identity for the user "user1" does not exist in the wallet');
console.log('Run the registerUser.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccpPath, { wallet, identity: 'user1', discovery: { enabled: true, asLocalhost: true } });
// Get the network (channel) our contract is deployed to.
const network = await gateway.getNetwork('mychannel');
// Get the contract from the network.
const contract = network.getContract('mycc');
const result = await contract.evaluateTransaction('query', 'a');
console.log(`Transaction has been evaluated, result is: ${result}`);
} catch (error) {
console.error(`Failed to evaluate transaction: ${error}`);
process.exit(1);
}
}
main();
The successful queries with the errors, nothing has been changed between those executions and they have been called with around 5 seconds beetween them.
root#devserver ~/fabric-samples/bla/first-network # node index.js
Transaction has been evaluated, resultb is: 210
root#devserver ~/fabric-samples/bla/first-network # node index.js
Transaction has been evaluated, resultb is: 210
root#devserver ~/fabric-samples/bla/first-network # node index.js
Transaction has been evaluated, resultb is: 210
root#devserver ~/fabric-samples/bla/first-network # node index.js
Transaction has been evaluated, resultb is: 210
root#devserver ~/fabric-samples/bla/first-network # node index.js
2019-09-09T18:53:24.646Z - warn: [Query]: evaluate: Query ID "[object Object]" of peer "peer1.PharmaProducer.bigpharma.com:8051" failed: message=cannot retrieve package for chaincode mycc/1.0, error open /var/hyperledger/production/chaincodes/mycc.1.0: no such file or directory, stack=Error: cannot retrieve package for chaincode mycc/1.0, error open /var/hyperledger/production/chaincodes/mycc.1.0: no such file or directory
at self._endorserClient.processProposal (/root/fabric-samples/bla/first-network/node_modules/fabric-network/node_modules/fabric-client/lib/Peer.js:140:36)
at Object.onReceiveStatus (/root/fabric-samples/bla/first-network/node_modules/grpc/src/client_interceptors.js:1207:9)
at InterceptingListener._callNext (/root/fabric-samples/bla/first-network/node_modules/grpc/src/client_interceptors.js:568:42)
at InterceptingListener.onReceiveStatus (/root/fabric-samples/bla/first-network/node_modules/grpc/src/client_interceptors.js:618:8)
at callback (/root/fabric-samples/bla/first-network/node_modules/grpc/src/client_interceptors.js:845:24), status=500, , url=grpcs://localhost:8051, name=peer1.PharmaProducer.bigpharma.com:8051, grpc.max_receive_message_length=-1, grpc.max_send_message_length=-1, grpc.keepalive_time_ms=120000, grpc.http2.min_time_between_pings_ms=120000, grpc.keepalive_timeout_ms=20000, grpc.http2.max_pings_without_data=0, grpc.keepalive_permit_without_calls=1, name=peer1.PharmaProducer.bigpharma.com:8051, grpc.ssl_target_name_override=peer1.PharmaProducer.bigpharma.com, grpc.default_authority=peer1.PharmaProducer.bigpharma.com, isProposalResponse=true
Failed to evaluate transaction: Error: cannot retrieve package for chaincode mycc/1.0, error open /var/hyperledger/production/chaincodes/mycc.1.0: no such file or directory
I expect the code to successfuly return a correct result every time and not randomly show an error that the code doesn't exist.
Any insight on how this can happen is appreciated.
Looking at the logs I can see why sometimes you get peer0 and occasionally you get peer1, and that is because the discovery results and processing result in it not being possible to get the list of peers in any particular order so with 2 peers in your org and the fact that this is not a long running app but a short running invocation sometimes peer0 will be first in the list of peers and sometimes peer1. Because you have only installed the chaincode on peer0, peer1 can't honour the evaluate request and return an error.
The node-sdk should detect this and then try peer0 but either you are using an older version of the node-sdk which definitely had an issue where it did not try a different peer or the node-sdk is thinking this is (incorrectly, but may not be able to distinguish) a chaincode response and passes that back to the caller.
The solution to avoid the error is to install the chaincode on all the peers.
I'm trying to interact with the peers from JavaScript and I keep getting
{ Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]
at Object.exports.createStatusError (/blockchain-api-js/node_modules/grpc/src/common.js:87:15)
at Object.onReceiveStatus (/blockchain-api-js/node_modules/grpc/src/client_interceptors.js:1188:28)
at InterceptingListener._callNext (/blockchain-api-js/node_modules/grpc/src/client_interceptors.js:564:42)
at InterceptingListener.onReceiveStatus (/blockchain-api-js/node_modules/grpc/src/client_interceptors.js:614:8)
at callback (/blockchain-api-js/node_modules/grpc/src/client_interceptors.js:841:24)
code: 2,
metadata: [Object],
details: 'access denied: channel [mychannel] creator org [Org1MSP]' }
I'm using the fabric-ca sample and I was able to execute transactions from cli and from cli through run-fabric.sh but I can't seem to do that from JS, I've created a new user and set the client and cert with client.setTlsClientCertAndKey(cert, key);, I even tried giving the admin cert and key from /data/orgs/org1/admin/msp/signcerts, /data/orgs/org1/admin/msp/admincerts and /data/orgs/org1/admin/msp/keystore as well as the ones from /data/tls/ but with no luck
And this is the portion of the code I use:
var channel = this.client.newChannel('mychannel')
let serverCert = fs.readFileSync('/data/org0-ca-chain.pem');
channel.addOrderer(
this.client.newOrderer(
config.orderers['orderer1-org0'].url,
{
pem: Buffer.from(serverCert).toString()
}
)
);
serverCert = fs.readFileSync('/data/org1-ca-chain.pem');
const peer1 = this.client.newPeer(
config.peers['peer1-org1'].url,
{
pem: Buffer.from(serverCert).toString()
}
);
channel.addPeer(peer1);
this.eventhubs = []
this.eventhubs.push(channel.newChannelEventHub(peer1));
serverCert = fs.readFileSync('/data/org2-ca-chain.pem');
const peer2 = this.client.newPeer(
config.peers['peer1-org2'].url,
{
'pem': Buffer.from(serverCert).toString()
}
);
channel.addPeer(peer2);
this.eventhubs.push(channel.newChannelEventHub(peer2));
this.channel = channel;
console.log(this.channel)
return this.channel.sendTransactionProposal(request);
Is there something wrong with my code or the way I do it? Can someone tell me what I am doing wrong? I've seen a few similar questions but those happened when composer was used mostly and I couldn't fix my problem with the answers from there,
You'd better check the user context of client I think.
user context has mspID. check whether mspId is Org1MSP or not.
The error could be because of the Certificates to sign the transaction.Double check your certificate received from CA and also checked the certificates and path used inside the docker container of peers.