I am trying to enforce a simple endorsement policy for a 2-org network. Here is my crypto-config.yaml:
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    # CA:
    #   OrganizationalUnit: peer
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: true
    # CA:
    #   OrganizationalUnit: peer
    Template:
      Count: 1
    Users:
      Count: 1
And I can see OU as peer in both peers.
peer0.org2.example.com
Identity: peer0.org2.example.com
Verified by: ca.org2.example.com
Expires: Saturday 23 December 2028
Subject Name
C (Country): US
ST (State): California
L (Locality): San Francisco
OU (Organizational Unit): peer
CN (Common Name): peer0.org2.example.com
The endorsement policy with the member check works:
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n chaincode -l node -v v0 -c '{"args":["init"]}' -P "AND('Org1MSP.member', 'Org2MSP.member')"
but the endorsement policy with the peer check is not working:
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n chaincode -l node -v v0 -c '{"args":["init"]}' -P "AND('Org1MSP.peer', 'Org2MSP.peer')"
When I invoke any function:
Transaction failed to be committed to the ledger due to ::ENDORSEMENT_POLICY_FAILURE
Even "OR('Org1MSP.peer', 'Org2MSP.peer')" is not working.
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    # CA:
    #   OrganizationalUnit: peer
    Template:
      Count: 1
    Users:
      Count: 1
......... TEMPLATE COUNT s/b changed to 2 as there are now 2 Orgs
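How the two policy strings from the question differ when they are evaluated, as an added example (not Fabric's code and not from the posts above): a small evaluator for AND/OR signature policies. It assumes Fabric's documented rule that `.member` matches any valid identity of the MSP, while `.peer` can only be satisfied when the MSP definition held by the channel has NodeOUs enabled and the certificate carries OU=peer; `Endorser`, `node_ous` and `evaluate` are hypothetical names.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Endorser:
    """Constructed stand-in for one endorsing identity (hypothetical type)."""
    mspid: str
    ou: str  # OU from the certificate subject, e.g. "peer"


_TOKEN = re.compile(r"\s*(AND|OR|\(|\)|,|'[^']*')", re.IGNORECASE)


def tokenize(policy):
    policy, pos, tokens = policy.strip(), 0, []
    while pos < len(policy):
        m = _TOKEN.match(policy, pos)
        if m is None:
            raise ValueError(f"unexpected input: {policy[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def _pop(tokens, expected=None):
    if not tokens:
        raise ValueError("policy ends unexpectedly")
    tok = tokens.pop(0)
    if expected is not None and tok != expected:
        raise ValueError(f"expected {expected!r}, got {tok!r}")
    return tok


def parse(tokens):
    """expr := 'MSP.role' | (AND|OR) '(' expr {',' expr} ')'"""
    tok = _pop(tokens)
    if tok.startswith("'"):
        mspid, _, role = tok[1:-1].rpartition(".")
        if not mspid or not role:
            raise ValueError(f"bad principal: {tok}")
        return ("principal", mspid, role.lower())
    op = tok.upper()
    if op not in ("AND", "OR"):
        raise ValueError(f"unexpected token: {tok!r}")
    _pop(tokens, "(")
    children = [parse(tokens)]
    while tokens and tokens[0] == ",":
        tokens.pop(0)
        children.append(parse(tokens))
    _pop(tokens, ")")
    return (op, children)


def matches(endorser, mspid, role, node_ous):
    if endorser.mspid != mspid:
        return False
    if role == "member":
        return True  # any valid identity of the MSP
    if role in ("peer", "client"):
        # Needs identity classification: NodeOUs on in the channel's MSP
        # definition AND the matching OU in the certificate.
        return bool(node_ous.get(mspid, False)) and endorser.ou == role
    raise ValueError(f"role {role!r} is not modelled in this example")


def satisfied(node, endorsers, node_ous, used):
    """Each endorsement may satisfy at most one principal (tracked in used)."""
    if node[0] == "principal":
        _, mspid, role = node
        for i, e in enumerate(endorsers):
            if i not in used and matches(e, mspid, role, node_ous):
                used.add(i)
                return True
        return False
    op, children = node
    if op == "AND":
        trial = set(used)
        if all(satisfied(c, endorsers, node_ous, trial) for c in children):
            used.update(trial)
            return True
        return False
    for child in children:  # OR: first branch that can be satisfied
        trial = set(used)
        if satisfied(child, endorsers, node_ous, trial):
            used.update(trial)
            return True
    return False


def evaluate(policy, endorsers, node_ous):
    tokens = tokenize(policy)
    tree = parse(tokens)
    if tokens:
        raise ValueError(f"trailing input: {tokens}")
    return satisfied(tree, endorsers, node_ous, set())


if __name__ == "__main__":
    both = [Endorser("Org1MSP", "peer"), Endorser("Org2MSP", "peer")]
    for ous in ({}, {"Org1MSP": True, "Org2MSP": True}):
        for p in ("AND('Org1MSP.member', 'Org2MSP.member')",
                  "AND('Org1MSP.peer', 'Org2MSP.peer')",
                  "OR('Org1MSP.peer', 'Org2MSP.peer')"):
            print(ous, p, evaluate(p, both, ous))
```

With the `node_ous` map empty, the member policy passes and both peer policies fail even though each certificate has OU=peer, which is the same pattern the question reports.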
Hi, I am getting the following error when installing the chaincode. I have tried everything but still have no clue what is happening. Please help me with this.
2022-01-28 12:36:06.833 IST 0001 INFO [chaincodeCmd] ClientWait -> txid [cd68692e297f8bee9e6dbfdd726467901875683e411c1fb8b1580b7ab358b952] committed with status (MVCC_READ_CONFLICT) at localhost:8051
Error: transaction invalidated with status (MVCC_READ_CONFLICT)
Chaincode definition approved on peer1.org1 on channel 'mychannel' failed
Deploying chaincode failed
This is configtx:
Organizations:
  - &OrdererOrg
    Name: OrdererOrg
    ID: OrdererMSP
    MSPDir: ../organizations/ordererOrganizations/example.com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('OrdererMSP.admin')"
    OrdererEndpoints:
      - orderer.example.com:7050
  - &Org1
    Name: Org1MSP
    ID: Org1MSP
    MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org1MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('Org1MSP.peer')"
  - &Org2
    Name: Org2MSP
    ID: Org2MSP
    MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org2MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('Org2MSP.peer')"
  - &Org3
    # DefaultOrg defines the organization which is used in the sampleconfig
    # of the fabric.git development environment
    Name: Org3MSP
    # ID to load the MSP definition as
    ID: Org3MSP
    MSPDir: ../organizations/peerOrganizations/org3.example.com/msp
    # Policies defines the set of policies at this level of the config tree
    # For organization policies, their canonical path is usually
    # /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org3MSP.admin', 'Org3MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org3MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('Org3MSP.peer')"
  - &Org4
    # DefaultOrg defines the organization which is used in the sampleconfig
    # of the fabric.git development environment
    Name: Org4MSP
    # ID to load the MSP definition as
    ID: Org4MSP
    MSPDir: ../organizations/peerOrganizations/org4.example.com/msp
    # Policies defines the set of policies at this level of the config tree
    # For organization policies, their canonical path is usually
    # /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Org4MSP.admin', 'Org4MSP.peer', 'Org4MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org4MSP.admin', 'Org4MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org4MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('Org4MSP.peer')"
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
  # Channel capabilities apply to both the orderers and the peers and must be
  # supported by both.
  # Set the value of the capability to true to require it.
  Channel: &ChannelCapabilities
    # V2_0 capability ensures that orderers and peers behave according
    # to v2.0 channel capabilities. Orderers and peers from
    # prior releases would behave in an incompatible way, and are therefore
    # not able to participate in channels at v2.0 capability.
    # Prior to enabling V2.0 channel capabilities, ensure that all
    # orderers and peers on a channel are at v2.0.0 or later.
    V2_0: true
  # Orderer capabilities apply only to the orderers, and may be safely
  # used with prior release peers.
  # Set the value of the capability to true to require it.
  Orderer: &OrdererCapabilities
    # V2_0 orderer capability ensures that orderers behave according
    # to v2.0 orderer capabilities. Orderers from
    # prior releases would behave in an incompatible way, and are therefore
    # not able to participate in channels at v2.0 orderer capability.
    # Prior to enabling V2.0 orderer capabilities, ensure that all
    # orderers on channel are at v2.0.0 or later.
    V2_0: true
  # Application capabilities apply only to the peer network, and may be safely
  # used with prior release orderers.
  # Set the value of the capability to true to require it.
  Application: &ApplicationCapabilities
    # V2_0 application capability ensures that peers behave according
    # to v2.0 application capabilities. Peers from
    # prior releases would behave in an incompatible way, and are therefore
    # not able to participate in channels at v2.0 application capability.
    # Prior to enabling V2.0 application capabilities, ensure that all
    # peers on channel are at v2.0.0 or later.
    V2_0: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
  # Organizations is the list of orgs which are defined as participants on
  # the application side of the network
  Organizations:
  # Policies defines the set of policies at this level of the config tree
  # For Application policies, their canonical path is
  # /Channel/Application/<PolicyName>
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    LifecycleEndorsement:
      Type: ImplicitMeta
      Rule: "MAJORITY Endorsement"
    Endorsement:
      Type: ImplicitMeta
      Rule: "MAJORITY Endorsement"
  Capabilities:
    <<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
  # Orderer Type: The orderer implementation to start
  OrdererType: etcdraft
  # Addresses used to be the list of orderer addresses that clients and peers
  # could connect to. However, this does not allow clients to associate orderer
  # addresses and orderer organizations which can be useful for things such
  # as TLS validation. The preferred way to specify orderer addresses is now
  # to include the OrdererEndpoints item in your org definition
  Addresses:
    - orderer.example.com:7050
  EtcdRaft:
    Consenters:
      - Host: orderer.example.com
        Port: 7050
        ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
        ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
  # Batch Timeout: The amount of time to wait before creating a batch
  BatchTimeout: 2s
  # Batch Size: Controls the number of messages batched into a block
  BatchSize:
    # Max Message Count: The maximum number of messages to permit in a batch
    MaxMessageCount: 10
    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
    # the serialized messages in a batch.
    AbsoluteMaxBytes: 99 MB
    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
    # the serialized messages in a batch. A message larger than the preferred
    # max bytes will result in a batch larger than preferred max bytes.
    PreferredMaxBytes: 512 KB
  # Organizations is the list of orgs which are defined as participants on
  # the orderer side of the network
  Organizations:
  # Policies defines the set of policies at this level of the config tree
  # For Orderer policies, their canonical path is
  # /Channel/Orderer/<PolicyName>
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    # BlockValidation specifies what signatures must be included in the block
    # from the orderer for the peer to validate it.
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
  # Policies defines the set of policies at this level of the config tree
  # For Channel policies, their canonical path is
  # /Channel/<PolicyName>
  Policies:
    # Who may invoke the 'Deliver' API
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    # Who may invoke the 'Broadcast' API
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    # By default, who may modify elements at this config level
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  # Capabilities describes the channel level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
  OrgsOrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *OrdererOrg
      Capabilities:
        <<: *OrdererCapabilities
    Consortiums:
      SampleConsortium:
        Organizations:
          - *Org1
          - *Org2
          - *Org3
          - *Org4
  OrgsChannel:
    Consortium: SampleConsortium
    <<: *ChannelDefaults
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *Org1
        - *Org2
        - *Org3
        - *Org4
      Capabilities:
        <<: *ApplicationCapabilities
This is my deployCC.sh script, which I am using for installing the chaincode. I am actually using the ./network.sh deployCC command.
#!/bin/bash
source scripts/utils.sh
CHANNEL_NAME=${1:-"mychannel"}
CC_NAME=${2}
CC_SRC_PATH=${3}
CC_SRC_LANGUAGE=${4}
CC_VERSION=${5:-"1.0"}
CC_SEQUENCE=${6:-"1"}
CC_INIT_FCN=${7:-"NA"}
CC_END_POLICY=${8:-"NA"}
CC_COLL_CONFIG=${9:-"NA"}
DELAY=${10:-"3"}
MAX_RETRY=${11:-"5"}
VERBOSE=${12:-"false"}
println "executing with the following"
println "- CHANNEL_NAME: ${C_GREEN}${CHANNEL_NAME}${C_RESET}"
println "- CC_NAME: ${C_GREEN}${CC_NAME}${C_RESET}"
println "- CC_SRC_PATH: ${C_GREEN}${CC_SRC_PATH}${C_RESET}"
println "- CC_SRC_LANGUAGE: ${C_GREEN}${CC_SRC_LANGUAGE}${C_RESET}"
println "- CC_VERSION: ${C_GREEN}${CC_VERSION}${C_RESET}"
println "- CC_SEQUENCE: ${C_GREEN}${CC_SEQUENCE}${C_RESET}"
println "- CC_END_POLICY: ${C_GREEN}${CC_END_POLICY}${C_RESET}"
println "- CC_COLL_CONFIG: ${C_GREEN}${CC_COLL_CONFIG}${C_RESET}"
println "- CC_INIT_FCN: ${C_GREEN}${CC_INIT_FCN}${C_RESET}"
println "- DELAY: ${C_GREEN}${DELAY}${C_RESET}"
println "- MAX_RETRY: ${C_GREEN}${MAX_RETRY}${C_RESET}"
println "- VERBOSE: ${C_GREEN}${VERBOSE}${C_RESET}"
FABRIC_CFG_PATH=$PWD/../config/
#User has not provided a name
if [ -z "$CC_NAME" ] || [ "$CC_NAME" = "NA" ]; then
fatalln "No chaincode name was provided. Valid call example: ./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-go -ccl go"
# User has not provided a path
elif [ -z "$CC_SRC_PATH" ] || [ "$CC_SRC_PATH" = "NA" ]; then
fatalln "No chaincode path was provided. Valid call example: ./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-go -ccl go"
# User has not provided a language
elif [ -z "$CC_SRC_LANGUAGE" ] || [ "$CC_SRC_LANGUAGE" = "NA" ]; then
fatalln "No chaincode language was provided. Valid call example: ./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-go -ccl go"
## Make sure that the path to the chaincode exists
elif [ ! -d "$CC_SRC_PATH" ]; then
fatalln "Path to chaincode does not exist. Please provide different path."
fi
CC_SRC_LANGUAGE=$(echo "$CC_SRC_LANGUAGE" | tr [:upper:] [:lower:])
# do some language specific preparation to the chaincode before packaging
if [ "$CC_SRC_LANGUAGE" = "go" ]; then
CC_RUNTIME_LANGUAGE=golang
infoln "Vendoring Go dependencies at $CC_SRC_PATH"
pushd $CC_SRC_PATH
GO111MODULE=on go mod vendor
popd
successln "Finished vendoring Go dependencies"
elif [ "$CC_SRC_LANGUAGE" = "java" ]; then
CC_RUNTIME_LANGUAGE=java
infoln "Compiling Java code..."
pushd $CC_SRC_PATH
./gradlew installDist
popd
successln "Finished compiling Java code"
CC_SRC_PATH=$CC_SRC_PATH/build/install/$CC_NAME
elif [ "$CC_SRC_LANGUAGE" = "javascript" ]; then
CC_RUNTIME_LANGUAGE=node
elif [ "$CC_SRC_LANGUAGE" = "typescript" ]; then
CC_RUNTIME_LANGUAGE=node
infoln "Compiling TypeScript code into JavaScript..."
pushd $CC_SRC_PATH
npm install
npm run build
popd
successln "Finished compiling TypeScript code into JavaScript"
else
fatalln "The chaincode language ${CC_SRC_LANGUAGE} is not supported by this script. Supported chaincode languages are: go, java, javascript, and typescript"
exit 1
fi
INIT_REQUIRED="--init-required"
# check if the init fcn should be called
if [ "$CC_INIT_FCN" = "NA" ]; then
INIT_REQUIRED=""
fi
if [ "$CC_END_POLICY" = "NA" ]; then
CC_END_POLICY=""
else
CC_END_POLICY="--signature-policy $CC_END_POLICY"
fi
if [ "$CC_COLL_CONFIG" = "NA" ]; then
CC_COLL_CONFIG=""
else
CC_COLL_CONFIG="--collections-config $CC_COLL_CONFIG"
fi
# import utils
. scripts/envVar.sh
packageChaincode() {
set -x
peer lifecycle chaincode package ${CC_NAME}.tar.gz --path ${CC_SRC_PATH} --lang ${CC_RUNTIME_LANGUAGE} --label ${CC_NAME}_${CC_VERSION} >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode packaging has failed"
successln "Chaincode is packaged"
}
# installChaincode PEER ORG
installChaincode() {
ORG=$1
PEER=$2
setGlobals $ORG $PEER
set -x
peer lifecycle chaincode install ${CC_NAME}.tar.gz >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode installation on peer${PEER}.org${ORG} has failed"
successln "Chaincode is installed on peer${PEER}.org${ORG}"
}
# queryInstalled PEER ORG
queryInstalled() {
ORG=$1
PEER=$2
setGlobals $ORG $PEER
set -x
peer lifecycle chaincode queryinstalled >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
PACKAGE_ID=$(sed -n "/${CC_NAME}_${CC_VERSION}/{s/^Package ID: //; s/, Label:.*$//; p;}" log.txt)
verifyResult $res "Query installed on peer${PEER}.org${ORG} has failed"
successln "Query installed successful on peer${PEER}.org${ORG} on channel"
}
# approveForMyOrg VERSION PEER ORG
approveForMyOrg() {
ORG=$1
PEER=$2
setGlobals $ORG $PEER
set -x
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --package-id ${PACKAGE_ID} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode definition approved on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME' failed"
successln "Chaincode definition approved on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'"
}
# checkCommitReadiness VERSION PEER ORG
checkCommitReadiness() {
ORG=$1
PEER=$2
shift 1
setGlobals $ORG $PEER
infoln "Checking the commit readiness of the chaincode definition on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to check the commit readiness of the chaincode definition on peer${PEER}.org${ORG}, Retry after $DELAY seconds."
set -x
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} --output json >&log.txt
res=$?
{ set +x; } 2>/dev/null
let rc=0
for var in "$@"; do
grep "$var" log.txt &>/dev/null || let rc=1
done
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
if test $rc -eq 0; then
infoln "Checking the commit readiness of the chaincode definition successful on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Check commit readiness result on peer${PEER}.org${ORG} is INVALID!"
fi
}
# commitChaincodeDefinition VERSION PEER ORG (PEER ORG)...
commitChaincodeDefinition() {
parsePeerConnectionParameters $@
res=$?
verifyResult $res "Invoke transaction failed on channel '$CHANNEL_NAME' due to uneven number of peer and org parameters "
# while 'peer chaincode' command can get the orderer endpoint from the
# peer (if join was successful), let's supply it directly as we know
# it using the "-o" option
set -x
peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name ${CC_NAME} $PEER_CONN_PARMS --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode definition commit failed on ${PEER} on channel '$CHANNEL_NAME' failed"
successln "Chaincode definition committed on channel '$CHANNEL_NAME'"
}
# queryCommitted ORG
queryCommitted() {
ORG=$1
PEER=$2
setGlobals $ORG $PEER
EXPECTED_RESULT="Version: ${CC_VERSION}, Sequence: ${CC_SEQUENCE}, Endorsement Plugin: escc, Validation Plugin: vscc"
infoln "Querying chaincode definition on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to Query committed status on peer${PEER}.org${ORG}, Retry after $DELAY seconds."
set -x
peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name ${CC_NAME} >&log.txt
res=$?
{ set +x; } 2>/dev/null
test $res -eq 0 && VALUE=$(cat log.txt | grep -o '^Version: '$CC_VERSION', Sequence: [0-9]*, Endorsement Plugin: escc, Validation Plugin: vscc')
test "$VALUE" = "$EXPECTED_RESULT" && let rc=0
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
if test $rc -eq 0; then
successln "Query chaincode definition successful on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Query chaincode definition result on peer${PEER}.org${ORG} is INVALID!"
fi
}
chaincodeInvokeInit() {
parsePeerConnectionParameters $@
res=$?
verifyResult $res "Invoke transaction failed on channel '$CHANNEL_NAME' due to uneven number of peer and org parameters "
# while 'peer chaincode' command can get the orderer endpoint from the
# peer (if join was successful), let's supply it directly as we know
# it using the "-o" option
set -x
fcn_call='{"function":"'${CC_INIT_FCN}'","Args":[]}'
infoln "invoke fcn call:${fcn_call}"
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C $CHANNEL_NAME -n ${CC_NAME} $PEER_CONN_PARMS --isInit -c ${fcn_call} >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Invoke execution on $PEERS failed "
successln "Invoke transaction successful on $PEERS on channel '$CHANNEL_NAME'"
}
chaincodeQuery() {
ORG=$1
PEER=$2
setGlobals $ORG $PEER
infoln "Querying on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to Query peer0.org${ORG}, Retry after $DELAY seconds."
set -x
peer chaincode query -C $CHANNEL_NAME -n ${CC_NAME} -c '{"Args":["queryAllAssets"]}' >&log.txt
res=$?
{ set +x; } 2>/dev/null
let rc=$res
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
if test $rc -eq 0; then
successln "Query successful on peer${PEER}.org${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Query result on peer${PEER}.org${ORG} is INVALID!"
fi
}
## package the chaincode
packageChaincode
## Install chaincode on peer0.org1 and peer0.org2
infoln "Installing chaincode on peer0.org1..."
installChaincode 1 0
infoln "Installing chaincode on peer1.org1..."
installChaincode 1 1
infoln "Install chaincode on peer0.org2..."
installChaincode 2 0
infoln "Install chaincode on peer1.org2..."
installChaincode 2 1
infoln "Install chaincode on peer0.org3..."
installChaincode 3 0
infoln "Install chaincode on peer1.org3..."
installChaincode 3 1
infoln "Install chaincode on peer0.org4..."
installChaincode 4 0
infoln "Install chaincode on peer1.org4..."
installChaincode 4 1
## query whether the chaincode is installed
queryInstalled 1 0
## approve the definition for org1
approveForMyOrg 1 0
approveForMyOrg 1 1
## check whether the chaincode definition is ready to be committed
## expect org1 to have approved and org2 not to
checkCommitReadiness 1 1
## now approve also for org2
approveForMyOrg 2 0
approveForMyOrg 2 1
## check whether the chaincode definition is ready to be committed
## expect them both to have approved
checkCommitReadiness 2 1
## now approve also for org3
approveForMyOrg 3 0
approveForMyOrg 3 1
## check whether the chaincode definition is ready to be committed
## expect them both to have approved
checkCommitReadiness 3 1
## now approve also for org4
approveForMyOrg 4 0
approveForMyOrg 4 1
## check whether the chaincode definition is ready to be committed
## expect them both to have approved
checkCommitReadiness 4 1
## now that we know for sure both orgs have approved, commit the definition
commitChaincodeDefinition 1 2 3 4
## query on both orgs to see that the definition committed successfully
queryCommitted 1 0
queryCommitted 1 1
queryCommitted 2 0
queryCommitted 2 1
queryCommitted 3 0
queryCommitted 3 1
queryCommitted 4 0
queryCommitted 4 1
## Invoke the chaincode - this does require that the chaincode have the 'initLedger'
## method defined
if [ "$CC_INIT_FCN" = "NA" ]; then
infoln "Chaincode initialization is not required"
else
chaincodeInvokeInit 1 2 3 4
fi
exit 0
It looks like you are attempting to approve the chaincode more than once for each organisation, which is unnecessary and probably why you're hitting the MVCC_READ_CONFLICT error (the error you get when a transaction reads a key which has been updated by another transaction).
From the Fabric chaincode lifecycle documentation...
Each channel member that wants to use the chaincode needs to approve a
chaincode definition for their organization. This approval needs to be
submitted to the ordering service, after which it is distributed to
all peers. This approval needs to be submitted by your Organization
Administrator. After the approval transaction has been successfully
submitted, the approved definition is stored in a collection that is
available to all the peers of your organization. As a result you only
need to approve a chaincode for your organization once, even if you
have multiple peers.
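A constructed model of the version check behind MVCC_READ_CONFLICT, added here as an example (not Fabric's code and not part of the answer): each transaction records the version of every key it read when it was endorsed, and validation rejects it if a committed write has changed that version since. The `Ledger` class and the key names are hypothetical, and the scenario assumes both approvals for Org1 are endorsed against the same state, mirroring the script's `approveForMyOrg 1 0` and `approveForMyOrg 1 1` calls.

```python
from dataclasses import dataclass


@dataclass
class Tx:
    txid: str
    reads: dict   # key -> version seen at endorsement time
    writes: dict  # key -> value to write if the transaction is valid


class Ledger:
    """Versioned key/value state with read-set validation at commit."""

    def __init__(self):
        self.state = {}  # key -> (version, value)

    def version(self, key):
        return self.state.get(key, (0, None))[0]

    def endorse(self, txid, key, value):
        # Simulation only: remember the version read, propose a write.
        return Tx(txid, {key: self.version(key)}, {key: value})

    def commit_block(self, txs):
        """Validate transactions in block order and return their status."""
        status = {}
        for tx in txs:
            stale = any(self.version(k) != v for k, v in tx.reads.items())
            if stale:
                status[tx.txid] = "MVCC_READ_CONFLICT"
                continue
            for key, value in tx.writes.items():
                self.state[key] = (self.version(key) + 1, value)
            status[tx.txid] = "VALID"
        return status


def approval_key(org):
    # Hypothetical key: one approval record per organization.
    return f"approval/{org}/cc/sequence-1"


def duplicate_approvals():
    """Two approvals for the same org, as the script submits them."""
    ledger = Ledger()
    key = approval_key("Org1MSP")
    first = ledger.endorse("approve-org1-peer0", key, "package-id")
    second = ledger.endorse("approve-org1-peer1", key, "package-id")
    return ledger.commit_block([first, second])


def one_approval_per_org(orgs):
    """One approval per org: every transaction touches its own key."""
    ledger = Ledger()
    txs = [ledger.endorse(f"approve-{o}", approval_key(o), "package-id")
           for o in orgs]
    return ledger.commit_block(txs)


def one_per_org(pairs):
    """Reduce (org, peer) pairs to the first peer listed for each org."""
    seen, plan = set(), []
    for org, peer in pairs:
        if org not in seen:
            seen.add(org)
            plan.append((org, peer))
    return plan


if __name__ == "__main__":
    print(duplicate_approvals())
    print(one_approval_per_org(["Org1MSP", "Org2MSP", "Org3MSP", "Org4MSP"]))
    print(one_per_org([(1, 0), (1, 1), (2, 0), (2, 1),
                       (3, 0), (3, 1), (4, 0), (4, 1)]))
```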
I was setting up Hyperledger Caliper to test a fabcar network and got an ECONNREFUSED error multiple times. It said that it failed to enroll admin.
I set up the test network using ./startFabric.sh javascript in the fabcar repo of fabric-samples.
Then I used docker-compose to start Caliper (used docker-compose up in caliper-benchmarks).
This is the docker-compose file that I used:
version: '2'
services:
  caliper:
    container_name: caliper
    image: hyperledger/caliper:0.3.2
    command: launch master --caliper-flow-only-test --caliper-fabric-gateway-usegateway --caliper-fabric-gateway-discovery
    environment:
      - CALIPER_BIND_SUT=fabric:2.1.0
      - CALIPER_BENCHCONFIG=benchmarks/samples/fabric/fabcar/config1.yaml
      - CALIPER_NETWORKCONFIG=networks/fabric/network-config.yaml
    volumes:
      - ~/caliper-benchmarks:/hyperledger/caliper/workspace
    networks:
      - net_test
networks:
  net_test:
    external: "true"
This was my network-config.yaml file:
name: Fabric
version: "1.0"
mutual-tls: false
caliper:
  blockchain: fabric
  #command:
    #start: export FABRIC_VERSION=2.1.0;export FABRIC_CA_VERSION=1.4.4;docker-compose -f networks/fabric/naman/docker-compose/2org1peercouchdb_solo_raft/docker-compose-tls.yaml up -d;sleep 3s
    #end: docker-compose -f networks/fabric/naman/docker-compose/2org1peercouchdb_solo_raft/docker-compose-tls.yaml down;(test -z \"$(docker ps -aq)\") || docker rm $(docker ps -aq);(test -z \"$(docker images dev* -q)\") || docker rmi $(docker images dev* -q);rm -rf /tmp/hfc-*
info:
  Version: 2.1.0
  Size: 2 Orgs with 1 Peer
  Orderer: Raft
  Distribution: Single Host
  StateDB: CouchDB
clients:
  admin.Org1:
    client:
      organization: Org1
      connection:
        timeout:
          peer:
            endorser: 300
          orderer: 300
      #credentialStore:
        #path: /tmp/hfc-kvs/org1
        #cryptoStore:
          #path: /tmp/hfc-cvs/org1
      #clientPrivateKey:
        #path: networks/fabric/naman/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/keystore/40fa9f923f527b11be8c05bb1a2d166a5c2cc43ee2d425b53cdb82836479206d_sk
      #clientSignedCert:
        #path: networks/fabric/naman/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/cert.pem
  admin.Org2:
    client:
      organization: Org2
      connection:
        timeout:
          peer:
            endorser: 300
          orderer: 300
      #credentialStore:
        #path: /tmp/hfc-kvs/org2
        #cryptoStore:
          #path: /tmp/hfc-cvs/org2
      #clientPrivateKey:
        #path: networks/fabric/naman/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/keystore/cdc22e2ec274bf9d5ec0700b420c5e7423a2be73112f3bdc6565d7d45f9ae643_sk
      #clientSignedCert:
        #path: networks/fabric/naman/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/signcerts/cert.pem
  User1:
    client:
      organization: Org1
      connection:
        timeout:
          peer:
            endorser: 300
          orderer: 300
  User2:
    client:
      organization: Org2
      connection:
        timeout:
          peer:
            endorser: 300
          orderer: 300
wallet: networks/wallet
channels:
  mychannel:
    configBinary: networks/mychannel.tx
    created: true
    #definition:
      #capabilities: []
      #consortium: 'SampleConsortium'
      #msps: ['Org1MSP', 'Org2MSP']
      #version: 0
    orderers:
      - orderer.example.com
    peers:
      peer0.org1.example.com:
        eventSource: true
      peer0.org2.example.com:
        eventSource: true
      #peer1.org1.example.com:
        #eventSource: true
      #peer1.org2.example.com:
        #eventSource: true
    chaincodes:
      #- id: marbles
      #  version: v0
      #  language: node
      #  path: src/fabric/naman/samples/marbles/node
      #  metadataPath: src/fabric/naman/samples/marbles/node/metadata
      - id: fabcar_1
        version: "1.0"
        language: node
        path: src/fabric/samples/fabcar/javascript1
organizations:
  Org1:
    mspid: Org1MSP
    peers:
      - peer0.org1.example.com
    certificateAuthorities:
      - ca.org1.example.com
    adminPrivateKey:
      path: networks/fabric/naman/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/5f63f8056561fdd7e62566d62d3f3fddeff12836e3151ec160ef228df008e56b_sk
    signedCert:
      path: networks/fabric/naman/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/cert.pem
  Org2:
    mspid: Org2MSP
    peers:
      - peer0.org2.example.com
      #- peer1.org2.example.com
    certificateAuthorities:
      - ca.org2.example.com
    adminPrivateKey:
      path: networks/fabric/naman/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/fc78c38deead140e8164625a839c44966371fcb17608362c2c78a506670bd290_sk
    signedCert:
      path: networks/fabric/naman/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/cert.pem
orderers:
  orderer.example.com:
    url: grpcs://localhost:7050
    grpcOptions:
      ssl-target-name-override: orderer.example.com
    tlsCACerts:
      path: networks/fabric/naman/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peers:
  peer0.org1.example.com:
    url: grpcs://localhost:7051
    tlsCACerts:
      pem: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      hostnameOverride: peer0.org1.example.com
  peer0.org2.example.com:
    url: grpcs://localhost:9051
    tlsCACerts:
      pem: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
    grpcOptions:
      ssl-target-name-override: peer0.org2.example.com
      hostnameOverride: peer0.org2.example.com
certificateAuthorities:
  ca.org1.example.com:
    url: https://localhost:7054
    caName: ca-org1
    tlsCACerts:
      pem: |
-----BEGIN CERTIFICATE-----
MIICJjCCAc2gAwIBAgIUOKOEL9yThPFiI22Rj2ehP2/8BpEwCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjMwMDcxNjAwWhcNMzUwNjI3MDcxNjAw
WjBwMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzANBgNV
BAcTBkR1cmhhbTEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMT
Y2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHeO
KBmJfaW5TmEVYDJPFUuibx8O+ju3qhHIXFbCnfjz91WnoIUhQXxtfs2Ajyr2ywWk
N9T15plIKgGBe5YZB6+jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBQYlGorkJ3HFJu/uGPNy753+gbMmDAKBggqhkjOPQQD
AgNHADBEAiAe2nP1fUp4UtqMqVEyd9yzMPNbMBjVA3pFtsw5AThu6AIgPF30jUUm
Ey2vOMKY6mmfZalsJIcyp6ysxPfDaMnq09I=
-----END CERTIFICATE-----
    httpOptions:
      verify: false
    registrar:
      - enrollId: admin
        enrollSecret: adminpw
  ca.org2.example.com:
    url: https://localhost:8054
    caName: ca-org2
    tlsCACerts:
      pem: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
    httpOptions:
      verify: false
    registrar:
      - enrollId: admin
        enrollSecret: adminpw
This is the benchmark-config file used:
---
test:
  workers:
    type: local
    number: 1
  rounds:
    - label: Query all cars.
      txDuration: 30
      rateControl:
        type: fixed-backlog
        opts:
          unfinished_per_client: 5
      arguments:
        assets: 10
        startKey: '1'
        endKey: '50'
      callback: benchmarks/samples/fabric/fabcar/queryAllCars.js
    - label: Query a car.
      txDuration: 30
      rateControl:
        type: fixed-backlog
        opts:
          unfinished_per_client: 5
      arguments:
        assets: 10
      callback: benchmarks/samples/fabric/fabcar/queryCar.js
    - label: Create a car.
      txDuration: 30
      rateControl:
        type: fixed-backlog
        opts:
          unfinished_per_client: 5
      callback: benchmarks/samples/fabric/fabcar/createCar.js
monitor:
  type:
    - docker
  docker:
    name:
      - all
  interval: 1
This is the error I was getting:
caliper | 2020-06-26T14:15:31.749Z - error: [FabricCAClientService.js]: Failed to enroll admin, error:%o message=Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054], stack=Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]
caliper | at ClientRequest.request.on (/home/node/.npm-global/lib/node_modules/fabric-ca-client/lib/FabricCAClient.js:484:12)
caliper | at ClientRequest.emit (events.js:198:13)
caliper | at TLSSocket.socketErrorListener (_http_client.js:392:9)
caliper | at TLSSocket.emit (events.js:198:13)
caliper | at emitErrorNT (internal/streams/destroy.js:91:8)
caliper | at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
caliper | at process._tickCallback (internal/process/next_tick.js:63:19)
I was using Fabric 2.1.0 and Caliper 0.3.2. I specified net-test in docker-compose to make sure the Caliper container is in the same network as Fabric.
Can someone please help?
I am trying to create an intermediate CA for my project. I have one root CA and one intermediate CA, with the intermediate CA config file shown below. I am having trouble creating the key pairs/MSP and TLS cert for the intermediate CA, and I am unable to pass the config file to the intermediate CA. Steps I followed:
1. Run the root CA container, bootstrapping the admin.
2. Enroll the admin, which generates the MSP for the CA admin for org1:
   fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
3. Register the intermediate CA with the root CA using the command below:
   fabric-ca-client register --caname ca-org1 --id.name ica --id.attrs '"hf.Registrar.Roles=user,peer",hf.Revoker=true,hf.IntermediateCA=true' --id.secret icapw --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
4. Run the intermediate CA container as shown below, using the config file below.
5. Enroll the intermediate CA:
   fabric-ca-client enroll -u https://icaadmin:icaadminpw@localhost:6054 --caname ica-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/icaOrg1/tls-cert.pem
Root CA
version: "2"
networks:
  test:
services:
  ca_org1:
    image: hyperledger/fabric-ca:$IMAGE_TAG
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
    container_name: ca_org1
    networks:
      - test
Intermediate CA
version: "2"
networks:
  test:
services:
  ica-org1:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ica-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_LOGGING_SPEC=debug
      - FABRIC_CA_SERVER_PORT=6054
    ports:
      - "6054:6054"
    command: sh -c 'fabric-ca-server start -b icaadmin:icaadminpw -u -d http://ica:icapw@ca-org1:7054'
    volumes:
      - ../organizations/fabric-ca/icaOrg1:/etc/hyperledger/fabric-ca-server
    container_name: ica-org1
    networks:
      - test
ICA Fabric Config file
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
tls:
  # Enable TLS (default: false)
  enabled: true
  # TLS for the server's listening port
  certfile:
  keyfile:
  clientauth:
    type: noclientcert
    certfiles:
ca:
  # Name of this CA
  name: ica.org1.example.com
  # Key file (is only used to import a private key into BCCSP)
  keyfile:
  # Certificate file (default: ca-cert.pem)
  certfile:
  # Chain file
  chainfile:
crl:
  # Specifies expiration for the generated CRL. The number of hours
  # specified by this property is added to the UTC time, the resulting time
  # is used to set the 'Next Update' date of the CRL.
  expiry: 24h
registry:
  # Maximum number of times a password/secret can be reused for enrollment
  # (default: -1, which means there is no limit)
  maxenrollments: -1
  # Contains identity information which is used when LDAP is disabled
  identities:
    - name: icaadmin
      pass: icaadminpw
      type: client
      affiliation: ""
      attrs:
        hf.Registrar.Roles: "client,peer,user,member"
        hf.Registrar.DelegateRoles: "client,peer,user,member"
        hf.Revoker: true
        hf.IntermediateCA: true
        hf.GenCRL: true
        hf.Registrar.Attributes: "*"
        hf.AffiliationMgr: true
db:
  type: sqlite3
  datasource: fabric-ca-server.db
  tls:
    enabled: false
    certfiles:
    client:
      certfile:
      keyfile:
ldap:
  # Enables or disables the LDAP client (default: false)
  # If this is set to true, the "registry" section is ignored.
  enabled: false
  # The URL of the LDAP server
  url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
  # TLS configuration for the client connection to the LDAP server
  tls:
    certfiles:
    client:
      certfile:
      keyfile:
  # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
  attribute:
    names: ["uid", "member"]
    converters:
      - name:
        value:
    maps:
      groups:
        - name:
          value:
affiliations:
  org1:
    - department1
    - department2
signing:
  default:
    usage:
      - digital signature
    expiry: 8760h
  profiles:
    ca:
      usage:
        - cert sign
        - crl sign
      expiry: 43800h
      caconstraint:
        isca: true
        maxpathlen: 0
    tls:
      usage:
        - signing
        - key encipherment
        - server auth
        - client auth
        - key agreement
      expiry: 8760h
csr:
  cn: ica.org1.example.com
  names:
    - C: US
      ST: "North Carolina"
      L: "Durham"
      O: org1.example.com
      OU:
  hosts:
    - localhost
    - org1.example.com
  ca:
    expiry: 131400h
    pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
  default: SW
  sw:
    hash: SHA2
    security: 256
    filekeystore:
      # The directory used for the software file-based keystore
      keystore: msp/keystore
cacount:
cafiles:
intermediate:
  parentserver:
    url: https://ca-org1:7054
    caname: ca.org1.example.com
  enrollment:
    hosts: localhost
    profile:
    label:
  tls:
    certfiles:
    client:
      certfile:
      keyfile:
Since you configured your CAs with TLS enabled, the root CA's TLS certificate must be used by the intermediate CA. Check the corresponding section of your intermediate CA config file.
The certfiles attribute's value, /tmp/root-ca-cert.pem, is the same file as the root CA's file: /tmp/hyperledger/fabric-ca/crypto/ca-cert.pem
intermediate:
  parentserver:
    url: https://admin:admin@root.ca.example.com:7054
    caname: root.ca.example.com
  enrollment:
    hosts:
      - ca1.example.com
    profile: ca
    label:
  tls:
    certfiles:
      - /tmp/root-ca-cert.pem
    client:
      certfile:
      keyfile:
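The rule in the answer above can be checked mechanically. The following is an added example, not code from the posts or from fabric-ca: it lints the settings an intermediate CA uses to reach its parent, taking the `intermediate` section as an already-parsed object. The function name, the finding names and the three sample objects (constructed from the snippets on this page) are assumptions.

```javascript
// Added example: lint the settings an intermediate fabric-ca-server uses to reach
// its parent. Not fabric-ca code; function and finding names are hypothetical.
function lintIntermediate(section, parentTlsEnabled) {
  const rawUrl = section?.parentserver?.url;
  if (!rawUrl) return ['NO_PARENT_URL'];
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return ['BAD_PARENT_URL'];
  }
  const findings = [];
  // A TLS-enabled parent does not answer plain http.
  if (parentTlsEnabled && url.protocol !== 'https:') findings.push('PARENT_URL_NOT_HTTPS');
  // The intermediate CA enrolls with the parent as <id>:<secret>@host.
  if (!url.username || !url.password) findings.push('NO_ENROLLMENT_CREDENTIALS');
  // The parent's TLS root certificate must be listed to verify the connection.
  const certfiles = [].concat(section?.tls?.certfiles ?? []).filter(Boolean);
  if (url.protocol === 'https:' && certfiles.length === 0) findings.push('NO_PARENT_TLS_CERTFILES');
  return findings;
}

// Constructed from the snippets on this page (URLs written with "@").
const questionFile = {
  parentserver: { url: 'https://ca-org1:7054', caname: 'ca.org1.example.com' },
  tls: { certfiles: null },
};
const questionFlag = { parentserver: { url: 'http://ica:icapw@ca-org1:7054' } }; // the -u value
const answerFile = {
  parentserver: { url: 'https://admin:admin@root.ca.example.com:7054', caname: 'root.ca.example.com' },
  tls: { certfiles: ['/tmp/root-ca-cert.pem'] },
};
for (const [name, cfg] of Object.entries({ questionFile, questionFlag, answerFile })) {
  console.log(name, lintIntermediate(cfg, true));
}
```

The credentials finding applies to the config file taken on its own; it does not apply when the enrollment ID and secret are supplied through the `-u` URL instead.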
I am using the Hyperledger Fabric basic network from the fabric samples. The basic network consists of one orderer and one peer. I have installed the fabcar chaincode in the network and joined the channel. Please suggest how to add an endorsement policy to the chaincode. Below are the commands I used to initiate the chaincode:
1. peer chaincode install -n fabcar -p github.com/ -v 1.1
2. peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -c '{"Args":[]}' -n fabcar -v 1.1 -P "OR('Org1MSP.peer','Org1MSP.admin','Org1MSP.member')"
I am using the Fabric SDK to query fabcar, and it works well. But if I try to invoke the chaincode, it gives me an error stating:
Failed to submit transaction: Error: No endorsement plan available for {"chaincodes":[{"name":"fabcar"}]}
config Tx
Organizations:
    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg
        # ID to load the MSP definition as
        ID: OrdererMSP
        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
    - &Org1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org1MSP
        # ID to load the MSP definition as
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org1.example.com
              Port: 7051
Application: &ApplicationDefaults
    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
Orderer: &OrdererDefaults
    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: solo
    Addresses:
        - orderer.example.com:7050
    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s
    # Batch Size: Controls the number of messages batched into a block
    BatchSize:
        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10
        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB
        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB
    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - 127.0.0.1:9092
    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:
Profiles:
    OneOrgOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
    OneOrgChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
crypto-config
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    Template:
      Count: 1
    Users:
      Count: 1
Invoke function
const path = require('path');
const { FileSystemWallet, Gateway } = require('fabric-network');
// `ccp` (the connection profile object) is loaded elsewhere in the application.

async function Invoke(userwallet, usename, channelName, chaincodeName) {
    try {
        // Create a new file system based wallet for managing identities.
        const walletPath = path.join(process.cwd(), 'wallet');
        const wallet = new FileSystemWallet(walletPath);
        console.log(`Wallet path: ${walletPath}`);
        // Check to see if we've already enrolled the user.
        const userExists = await wallet.exists(userwallet);
        if (!userExists) {
            console.log('An identity for the user "user1" does not exist in the wallet');
            console.log('Run the registerUser.js application before retrying');
            return;
        }
        // Create a new gateway for connecting to our peer node.
        const gateway = new Gateway();
        await gateway.connect(ccp, { wallet, identity: usename, discovery: { enabled: true, asLocalhost: true } });
        // Get the network (channel) our contract is deployed to.
        const network = await gateway.getNetwork(channelName);
        // Get the contract from the network.
        const contract = network.getContract(chaincodeName);
        // Submit the specified transaction.
        // createCar transaction - requires 5 arguments, ex: ('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom')
        // changeCarOwner transaction - requires 2 args, ex: ('changeCarOwner', 'CAR10', 'Dave')
        await contract.submitTransaction('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom');
        //await contract.submitTransaction('changeCarOwner', 'CAR10', 'Dave');
        console.log('Transaction has been submitted');
        // Disconnect from the gateway.
        await gateway.disconnect();
    } catch (error) {
        console.error(`Failed to submit transaction: ${error}`);
        process.exit(1);
    }
}
module.exports.Invoke = Invoke
It is weird. Let's do some trial and error.
Try making the change in the snippet below. This removes the policy; do not worry, a default policy will apply.
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -c '{"Args":[]}' -n fabcar -v 1.1
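To see which principals of the policy string in the question a single Org1 peer can satisfy, here is an added example (not from the original posts, and not Fabric's own code) that parses the `-P` syntax and evaluates it in a simplified model. The identity records and the `nodeOUs` set are constructed, and the role rules are assumptions of the model: `member` matches any identity of the MSP, `admin` matches a flagged admin, and `peer`/`client` match on the certificate OU only when NodeOUs is enabled for that MSP.

```javascript
// Added example: a simplified model of endorsement-policy evaluation.
// Not Fabric's own code; the identity records and nodeOUs sets are constructed.

// Parse e.g. "OR('Org1MSP.peer', AND('Org1MSP.admin','Org2MSP.member'))".
function parsePolicy(text) {
  const tokens = text.match(/AND|OR|OutOf|\d+|'[^']*'|[(),]/g) || [];
  if (tokens.join('') !== text.replace(/\s+/g, '')) throw new Error('unrecognised text');
  let pos = 0;
  const expect = (t) => { if (tokens[pos++] !== t) throw new Error(`expected "${t}"`); };
  function node() {
    const tok = tokens[pos++];
    if (tok === undefined) throw new Error('unexpected end of policy');
    if (tok.startsWith("'")) {
      const m = /^'(.+)\.(member|admin|peer|client)'$/.exec(tok);
      if (!m) throw new Error(`bad principal ${tok}`);
      return { mspId: m[1], role: m[2] };
    }
    if (!['AND', 'OR', 'OutOf'].includes(tok)) throw new Error(`unexpected ${tok}`);
    expect('(');
    let n = 1; // OR needs any one child
    if (tok === 'OutOf') { n = Number(tokens[pos++]); expect(','); }
    const children = [node()];
    while (tokens[pos] === ',') { pos++; children.push(node()); }
    expect(')');
    if (tok === 'AND') n = children.length; // AND needs every child
    if (!Number.isInteger(n)) throw new Error('OutOf needs an integer count');
    return { n, children };
  }
  const tree = node();
  if (pos !== tokens.length) throw new Error('trailing tokens after policy');
  return tree;
}

// Assumed role rules: member = any identity of the MSP, admin = flagged admin,
// peer/client = certificate OU, usable only if that MSP has NodeOUs enabled.
function satisfies(id, principal, nodeOUs) {
  if (id.mspId !== principal.mspId) return false;
  if (principal.role === 'member') return true;
  if (principal.role === 'admin') return id.admin === true;
  return nodeOUs.has(id.mspId) && id.ou === principal.role;
}

// Each endorsement may satisfy at most one principal, so "used" is tracked.
function evaluate(node, ids, nodeOUs, used = ids.map(() => false)) {
  if (node.role) {
    const i = ids.findIndex((id, k) => !used[k] && satisfies(id, node, nodeOUs));
    if (i >= 0) used[i] = true;
    return i >= 0;
  }
  let ok = 0;
  for (const child of node.children) {
    const trial = used.slice();
    if (evaluate(child, ids, nodeOUs, trial)) {
      ok++;
      trial.forEach((v, k) => { used[k] = v; });
    }
  }
  return ok >= node.n;
}

const endorses = (policy, ids, nodeOUs) => evaluate(parsePolicy(policy), ids, nodeOUs);
const org1Peer = [{ mspId: 'Org1MSP', ou: 'peer', admin: false }]; // constructed endorser
console.log(endorses("OR('Org1MSP.peer','Org1MSP.admin','Org1MSP.member')", org1Peer, new Set()));
console.log(endorses("OR('Org1MSP.peer')", org1Peer, new Set()));
```

In this model the question's policy is met through its `member` branch alone, while a policy that names only `Org1MSP.peer` is met only once `Org1MSP` is in the `nodeOUs` set.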
I have been trying to get going on using the SDK to invoke a function from an installed chaincode, but I have run into an issue, which I am struggling to resolve.
The javascript program I built was a mix of the test/integration/client.js file and the fabcar/invoke.js. When I run the script though, I am getting the following error when running the transaction proposal:
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority
I know my issue is due to not using the right certificate, but I don't know where I am not using that correct certificate. I created the crypto-config directory using the following script:
../src/github.com/hyperledger/fabric/build//bin/cryptogen generate --config=./crypto-config.yaml
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile OrdererGenesis -outputBlock ./channel-artifacts/genesis.block
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel --outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/CorpMSPanchors.tx -channelID $CHANNEL_NAME -asOrg CorpMSP
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/EngMSPanchors.tx -channelID $CHANNEL_NAME -asOrg EngMSP
Here is the code where I add my peer and my channel:
let data = fs.readFileSync(network[org].peers['peer1']['tls_cacerts']);
var peer = client.newPeer(
    network[org].peers['peer1'].requests,
    {
        pem: Buffer.from(data).toString(),
        'ssl-target-name-override': network[org].peers['peer1']['server-hostname']
    });
console.log("- Peer set up, setting up channel");
channel = client.newChannel(utils.getConfigSetting('channelName'));
channel.addPeer(peer);
data = fs.readFileSync(network.orderer['tls_cacerts']);
// The TLS options are an argument of newOrderer(), not of addOrderer().
channel.addOrderer(client.newOrderer(network.orderer['url'], {
    pem: Buffer.from(data).toString(),
    'ssl-target-name-override': network.orderer['server-hostname']
}));
target.push(peer);
and here is the configuration of my network:
{
  "tmpdir": "/tmp/hfc_test_kvs",
  "channelName": "mychannel",
  "chaincodeId": "blockparty",
  "network-config": {
    "orderer": {
      "url": "grpcs://orderer.example.com:7050",
      "server-hostname": "orderer.example.com",
      "tls_cacerts": "./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
    },
    "org1": {
      "name": "Corp",
      "mspid": "CorpMSP",
      "username": "Admin",
      "peers": {
        "peer1": {
          "requests": "grpcs://peer0.corp.example.com:7051",
          "events": "grpcs://peer0.corp.example.com:7053",
          "server-hostname": "peer0.corp.example.com",
          "tls_cacerts": "./crypto-config/peerOrganizations/corp.example.com/peers/peer0.corp.example.com/tls/server.crt"
        },
        "admin": {
          "key": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/keystore",
          "cert": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/signcerts"
        }
      },
As requested, here are some snippets of my crypto-config.yaml:
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Corp
    Domain: corp.example.com
    Specs:
      - Hostname: peer0
      - Hostname: peer1
      - Hostname: peer2
    Users:
      Count: 1
and my configtx.yaml:
Profiles:
    OrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Corp
                    - *Eng
    Channel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Corp
                - *Eng
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg
        # ID to load the MSP definition as
        ID: OrdererMSP
        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
    - &Corp
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: CorpMSP
        # ID to load the MSP definition as
        ID: CorpMSP
        MSPDir: crypto-config/peerOrganizations/corp.example.com/msp
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.corp.example.com
              Port: 7051
Any thoughts on which certificate I am supposed to use to properly submit the transaction proposal and then the transaction? I am not using a ca-server and I am not using the docker containers either. The environment works, as I am able to invoke the chaincode using the peer chaincode invoke command, so I know it works, but I am not sure which certificate I am supposed to use in the client.newPeer and the client.newChannel functions.
Thanks a lot for reading,
Bertrand.
I think you will need a certificate for the client Admin, preferably signed by either corp.example.com or peer#.corp.example.com. The certificate chain for corp.example.com is already present in your MSPDir/ca folder, so that should do the trick.