Hyperledger Fabric channel creation failure - hyperledger-fabric

I'm running the following steps:
cryptogen generate --config./crypto-config.yaml
export FABRIC_CFG_PATH=$PWD
mkdir channel-artifacts
configtxgen -profile TwoOrgsOrdererGenesis -channelID byfn-sys-channel -outputBlock ./channel-artifacts/genesis.block
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID "mychannel"
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID "mychannel" -asOrg Org1MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID "mychannel" -asOrg Org2MSP
docker-compose -f docker-compose-cli.yaml up -d
docker exec -it cli bash
ORDERER_CA=/work/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
PEER0_ORG1_CA=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
PEER0_ORG2_CA=/work/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_LOCALMSPID="OrdererMSP"
CORE_PEER_TLS_ROOTCERT_FILE=/work/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_MSPCONFIGPATH=/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp
CHANNEL="mychannel"
CC_SRC_PATH="/chaincode/"
peer channel create -o orderer.example.com:7050 -c $CHANNEL -f /work/channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA
Creating the channel yields:
peer channel create -o orderer.example.com:7050 -c mychannel -f /work/channel-artifacts/channel.tx --tls true --cafile /work/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-12-21 05:58:02.995 UTC [viperutil] getKeysRecursively -> DEBU 001 Found map[string]interface{} value for peer.BCCSP
2018-12-21 05:58:02.996 UTC [viperutil] getKeysRecursively -> DEBU 002 Found map[string]interface{} value for peer.BCCSP.SW
2018-12-21 05:58:02.996 UTC [viperutil] unmarshalJSON -> DEBU 003 Unmarshal JSON: value cannot be unmarshalled: invalid character 'S' looking for beginning of value
2018-12-21 05:58:02.997 UTC [viperutil] getKeysRecursively -> DEBU 004 Found real value for peer.BCCSP.SW.Hash setting to string SHA2
2018-12-21 05:58:02.998 UTC [viperutil] unmarshalJSON -> DEBU 005 Unmarshal JSON: value is not a string: 256
2018-12-21 05:58:02.998 UTC [viperutil] getKeysRecursively -> DEBU 006 Found real value for peer.BCCSP.SW.Security setting to int 256
2018-12-21 05:58:02.998 UTC [viperutil] getKeysRecursively -> DEBU 007 Found map[string]interface{} value for peer.BCCSP.SW.FileKeyStore
2018-12-21 05:58:02.998 UTC [viperutil] unmarshalJSON -> DEBU 008 Unmarshal JSON: value cannot be unmarshalled: unexpected end of JSON input
2018-12-21 05:58:02.999 UTC [viperutil] getKeysRecursively -> DEBU 009 Found real value for peer.BCCSP.SW.FileKeyStore.KeyStore setting to string
2018-12-21 05:58:02.999 UTC [viperutil] getKeysRecursively -> DEBU 00a Found map[string]interface{} value for peer.BCCSP.PKCS11
2018-12-21 05:58:03.000 UTC [viperutil] unmarshalJSON -> DEBU 00b Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.000 UTC [viperutil] getKeysRecursively -> DEBU 00c Found real value for peer.BCCSP.PKCS11.Security setting to <nil> <nil>
2018-12-21 05:58:03.001 UTC [viperutil] getKeysRecursively -> DEBU 00d Found map[string]interface{} value for peer.BCCSP.PKCS11.FileKeyStore
2018-12-21 05:58:03.002 UTC [viperutil] unmarshalJSON -> DEBU 00e Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.003 UTC [viperutil] getKeysRecursively -> DEBU 00f Found real value for peer.BCCSP.PKCS11.FileKeyStore.KeyStore setting to <nil> <nil>
2018-12-21 05:58:03.003 UTC [viperutil] unmarshalJSON -> DEBU 010 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.004 UTC [viperutil] getKeysRecursively -> DEBU 011 Found real value for peer.BCCSP.PKCS11.Library setting to <nil> <nil>
2018-12-21 05:58:03.005 UTC [viperutil] unmarshalJSON -> DEBU 012 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.006 UTC [viperutil] getKeysRecursively -> DEBU 013 Found real value for peer.BCCSP.PKCS11.Label setting to <nil> <nil>
2018-12-21 05:58:03.007 UTC [viperutil] unmarshalJSON -> DEBU 014 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.007 UTC [viperutil] getKeysRecursively -> DEBU 015 Found real value for peer.BCCSP.PKCS11.Pin setting to <nil> <nil>
2018-12-21 05:58:03.008 UTC [viperutil] unmarshalJSON -> DEBU 016 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.009 UTC [viperutil] getKeysRecursively -> DEBU 017 Found real value for peer.BCCSP.PKCS11.Hash setting to <nil> <nil>
2018-12-21 05:58:03.010 UTC [viperutil] unmarshalJSON -> DEBU 018 Unmarshal JSON: value cannot be unmarshalled: invalid character 'S' looking for beginning of value
2018-12-21 05:58:03.010 UTC [viperutil] getKeysRecursively -> DEBU 019 Found real value for peer.BCCSP.Default setting to string SW
2018-12-21 05:58:03.011 UTC [viperutil] EnhancedExactUnmarshalKey -> DEBU 01a map[peer.BCCSP:map[SW:map[Hash:SHA2 Security:256 FileKeyStore:map[KeyStore:]] PKCS11:map[Hash:<nil> Security:<nil> FileKeyStore:map[KeyStore:<nil>] Library:<nil> Label:<nil> Pin:<nil>] Default:SW]]
2018-12-21 05:58:03.020 UTC [bccsp_sw] openKeyStore -> DEBU 01b KeyStore opened at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/keystore]...done
2018-12-21 05:58:03.023 UTC [bccsp] initBCCSP -> DEBU 01c Initialize BCCSP [SW]
2018-12-21 05:58:03.024 UTC [msp] getPemMaterialFromDir -> DEBU 01d Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/signcerts
2018-12-21 05:58:03.041 UTC [msp] getPemMaterialFromDir -> DEBU 01e Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/signcerts/Admin#example.com-cert.pem
2018-12-21 05:58:03.049 UTC [msp] getPemMaterialFromDir -> DEBU 01f Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/cacerts
2018-12-21 05:58:03.058 UTC [msp] getPemMaterialFromDir -> DEBU 020 Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/cacerts/ca.example.com-cert.pem
2018-12-21 05:58:03.062 UTC [msp] getPemMaterialFromDir -> DEBU 021 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/admincerts
2018-12-21 05:58:03.067 UTC [msp] getPemMaterialFromDir -> DEBU 022 Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/admincerts/Admin#example.com-cert.pem
2018-12-21 05:58:03.071 UTC [msp] getPemMaterialFromDir -> DEBU 023 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/intermediatecerts
2018-12-21 05:58:03.075 UTC [msp] getMspConfig -> DEBU 024 Intermediate certs folder not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/intermediatecerts]. Skipping. [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/intermediatecerts: no such file or directory]
2018-12-21 05:58:03.075 UTC [msp] getPemMaterialFromDir -> DEBU 025 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlscacerts
2018-12-21 05:58:03.082 UTC [msp] getPemMaterialFromDir -> DEBU 026 Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-12-21 05:58:03.085 UTC [msp] getPemMaterialFromDir -> DEBU 027 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlsintermediatecerts
2018-12-21 05:58:03.086 UTC [msp] getMspConfig -> DEBU 028 TLS intermediate certs folder not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlsintermediatecerts]. Skipping. [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlsintermediatecerts: no such file or directory]
2018-12-21 05:58:03.086 UTC [msp] getPemMaterialFromDir -> DEBU 029 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/crls
2018-12-21 05:58:03.088 UTC [msp] getMspConfig -> DEBU 02a crls folder not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/crls]. Skipping. [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/crls: no such file or directory]
2018-12-21 05:58:03.089 UTC [msp] getMspConfig -> DEBU 02b MSP configuration file not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/config.yaml]: [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/config.yaml: no such file or directory]
2018-12-21 05:58:03.092 UTC [msp] newBccspMsp -> DEBU 02c Creating BCCSP-based MSP instance
2018-12-21 05:58:03.093 UTC [msp] New -> DEBU 02d Creating Cache-MSP instance
2018-12-21 05:58:03.093 UTC [msp] loadLocaMSP -> DEBU 02e Created new local MSP
2018-12-21 05:58:03.095 UTC [msp] Setup -> DEBU 02f Setting up MSP instance OrdererMSP
2018-12-21 05:58:03.096 UTC [msp/identity] newIdentity -> DEBU 030 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICMDCCAdagAwIBAgIRAJMJ50AFi4DVbfmy2tZwr8swCgYIKoZIzj0EAwIwaTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt
cGxlLmNvbTAeFw0xODEyMjEwNTUxMDBaFw0yODEyMTgwNTUxMDBaMGkxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
c2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5j
b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQz7AEO7XsDC3ovSn4KoU9bMiu1
oZL6rYNG3IwlEiLIRTdF9YjkNadjxev769Nfe6zPBDQ7mxcjAeW96v3HD1Fqo18w
XTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTAD
AQH/MCkGA1UdDgQiBCAX+J5Ayk0WYWPq+x/0rjbTs+m/RLvoqoGbt5slt3V8rDAK
BggqhkjOPQQDAgNIADBFAiEAqpwE5/Rkik0BKPgtbsiivijQ4pjwfjY5qOVZJeni
9G0CIAIdM34UbsWMnBXE31XGlMczGMqAmvu3keGDcEFOxgEb
-----END CERTIFICATE-----
2018-12-21 05:58:03.098 UTC [msp/identity] newIdentity -> DEBU 031 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICCjCCAbCgAwIBAgIQNvIOivt9quw48gGIQH5xUzAKBggqhkjOPQQDAjBpMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w
bGUuY29tMB4XDTE4MTIyMTA1NTEwMFoXDTI4MTIxODA1NTEwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEHRUSNwy5tPgTCW8n75BDjAPImpFjGHP2LWHOJMC4m8ffZ7xbjvpo
oEcUTfp4K4K/TeEcmGeYQeM0scPEnOVtW6NNMEswDgYDVR0PAQH/BAQDAgeAMAwG
A1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgF/ieQMpNFmFj6vsf9K4207Ppv0S76KqB
m7ebJbd1fKwwCgYIKoZIzj0EAwIDSAAwRQIhAMo50UA2es1ZPleNNXgXXA0Dun7c
CiUjOH7ZbvLt5SUrAiBlcwDp/lNcF2O8UfxposYdcignY2yfzbW/eXmnYMkj0Q==
-----END CERTIFICATE-----
2018-12-21 05:58:03.127 UTC [msp/identity] newIdentity -> DEBU 032 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICCjCCAbCgAwIBAgIQNvIOivt9quw48gGIQH5xUzAKBggqhkjOPQQDAjBpMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w
bGUuY29tMB4XDTE4MTIyMTA1NTEwMFoXDTI4MTIxODA1NTEwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEHRUSNwy5tPgTCW8n75BDjAPImpFjGHP2LWHOJMC4m8ffZ7xbjvpo
oEcUTfp4K4K/TeEcmGeYQeM0scPEnOVtW6NNMEswDgYDVR0PAQH/BAQDAgeAMAwG
A1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgF/ieQMpNFmFj6vsf9K4207Ppv0S76KqB
m7ebJbd1fKwwCgYIKoZIzj0EAwIDSAAwRQIhAMo50UA2es1ZPleNNXgXXA0Dun7c
CiUjOH7ZbvLt5SUrAiBlcwDp/lNcF2O8UfxposYdcignY2yfzbW/eXmnYMkj0Q==
-----END CERTIFICATE-----
2018-12-21 05:58:03.136 UTC [bccsp_sw] loadPrivateKey -> DEBU 033 Loading private key [f402b6fb650fc38fb9a4ae8b21abe98abbc3bf1786186fbc52a4fcf4e0cadeec] at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/keystore/f402b6fb650fc38fb9a4ae8b21abe98abbc3bf1786186fbc52a4fcf4e0cadeec_sk]...
2018-12-21 05:58:03.143 UTC [msp/identity] newIdentity -> DEBU 034 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICCjCCAbCgAwIBAgIQNvIOivt9quw48gGIQH5xUzAKBggqhkjOPQQDAjBpMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w
bGUuY29tMB4XDTE4MTIyMTA1NTEwMFoXDTI4MTIxODA1NTEwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEHRUSNwy5tPgTCW8n75BDjAPImpFjGHP2LWHOJMC4m8ffZ7xbjvpo
oEcUTfp4K4K/TeEcmGeYQeM0scPEnOVtW6NNMEswDgYDVR0PAQH/BAQDAgeAMAwG
A1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgF/ieQMpNFmFj6vsf9K4207Ppv0S76KqB
m7ebJbd1fKwwCgYIKoZIzj0EAwIDSAAwRQIhAMo50UA2es1ZPleNNXgXXA0Dun7c
CiUjOH7ZbvLt5SUrAiBlcwDp/lNcF2O8UfxposYdcignY2yfzbW/eXmnYMkj0Q==
-----END CERTIFICATE-----
2018-12-21 05:58:03.143 UTC [msp] setupSigningIdentity -> DEBU 035 Signing identity expires at 2028-12-18 05:51:00 +0000 UTC
2018-12-21 05:58:03.143 UTC [msp] Validate -> DEBU 036 MSP OrdererMSP validating identity
2018-12-21 05:58:03.144 UTC [msp] GetDefaultSigningIdentity -> DEBU 037 Obtaining default signing identity
2018-12-21 05:58:03.152 UTC [grpc] DialContext -> DEBU 038 parsed scheme: ""
2018-12-21 05:58:03.155 UTC [grpc] DialContext -> DEBU 039 scheme "" not registered, fallback to default scheme
2018-12-21 05:58:03.156 UTC [grpc] watcher -> DEBU 03a ccResolverWrapper: sending new addresses to cc: [{orderer.example.com:7050 0 <nil>}]
2018-12-21 05:58:03.157 UTC [grpc] switchBalancer -> DEBU 03b ClientConn switching balancer to "pick_first"
2018-12-21 05:58:03.158 UTC [grpc] HandleSubConnStateChange -> DEBU 03c pickfirstBalancer: HandleSubConnStateChange: 0xc4202a1a30, CONNECTING
2018-12-21 05:58:03.179 UTC [grpc] HandleSubConnStateChange -> DEBU 03d pickfirstBalancer: HandleSubConnStateChange: 0xc4202a1a30, READY
2018-12-21 05:58:03.183 UTC [channelCmd] InitCmdFactory -> INFO 03e Endorser and orderer connections initialized
2018-12-21 05:58:03.192 UTC [msp] GetDefaultSigningIdentity -> DEBU 03f Obtaining default signing identity
2018-12-21 05:58:03.193 UTC [msp] GetDefaultSigningIdentity -> DEBU 040 Obtaining default signing identity
2018-12-21 05:58:03.193 UTC [msp/identity] Sign -> DEBU 041 Sign: plaintext: 0A90060A0A4F7264657265724D535012...53616D706C65436F6E736F727469756D
2018-12-21 05:58:03.194 UTC [msp/identity] Sign -> DEBU 042 Sign: digest: 92BB1016BFDAC4274F151AA23E3A16A90E71F4D7BBEC266CDC566B398D1DC25B
2018-12-21 05:58:03.195 UTC [msp] GetDefaultSigningIdentity -> DEBU 043 Obtaining default signing identity
2018-12-21 05:58:03.195 UTC [msp] GetDefaultSigningIdentity -> DEBU 044 Obtaining default signing identity
2018-12-21 05:58:03.196 UTC [msp/identity] Sign -> DEBU 045 Sign: plaintext: 0AC7060A1508021A0608EB81F2E00522...060A56072CF60B8F5697E4ED67FD0157
2018-12-21 05:58:03.198 UTC [msp/identity] Sign -> DEBU 046 Sign: digest: F0D279F148EC9853919A36DED749B885E48E562B9450E6ED02F2D5B8CF42B47A
2018-12-21 05:58:03.211 UTC [grpc] DialContext -> DEBU 047 parsed scheme: ""
2018-12-21 05:58:03.212 UTC [grpc] DialContext -> DEBU 048 scheme "" not registered, fallback to default scheme
2018-12-21 05:58:03.212 UTC [grpc] watcher -> DEBU 049 ccResolverWrapper: sending new addresses to cc: [{orderer.example.com:7050 0 <nil>}]
2018-12-21 05:58:03.212 UTC [grpc] switchBalancer -> DEBU 04a ClientConn switching balancer to "pick_first"
2018-12-21 05:58:03.212 UTC [grpc] HandleSubConnStateChange -> DEBU 04b pickfirstBalancer: HandleSubConnStateChange: 0xc420486a60, CONNECTING
2018-12-21 05:58:03.226 UTC [grpc] HandleSubConnStateChange -> DEBU 04c pickfirstBalancer: HandleSubConnStateChange: 0xc420486a60, READY
Error: got unexpected status: BAD_REQUEST -- error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
I use the following crypto-config.yaml
OrdererOrgs:
- Name: Orderer
Domain: example.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: false
Template:
Count: 1
Users:
Count: 1
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: false
Template:
Count: 1
Users:
Count: 1
and this configtx.yaml:
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
My docker-compose-cli.yaml file:
version: '2'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
networks:
byfn:
services:
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
#- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/work/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- ./channel-artifacts:/work/channel-artifacts
- ./crypto-config:/work/crypto-config
- ./scripts:/work/
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
Someone faced a similiar problem?
Update
Starting first to orderer service and then peer0 gives the following log:
docker-compose -f docker-compose-cli.yaml up peer0.org1.example.com
Starting peer0.org1.example.com ... done
Attaching to peer0.org1.example.com
peer0.org1.example.com | 2018-12-21 07:22:09.355 UTC [nodeCmd] serve -> INFO 001 Starting peer:
peer0.org1.example.com | Version: 1.3.0
peer0.org1.example.com | Commit SHA: ab0a67a
peer0.org1.example.com | Go version: go1.10.4
peer0.org1.example.com | OS/Arch: linux/amd64
peer0.org1.example.com | Experimental features: false
peer0.org1.example.com | Chaincode:
peer0.org1.example.com | Base Image Version: 0.4.13
peer0.org1.example.com | Base Docker Namespace: hyperledger
peer0.org1.example.com | Base Docker Label: org.hyperledger.fabric
peer0.org1.example.com | Docker Namespace: hyperledger
peer0.org1.example.com | 2018-12-21 07:22:09.355 UTC [ledgermgmt] initialize -> INFO 002 Initializing ledger mgmt
peer0.org1.example.com | 2018-12-21 07:22:09.355 UTC [kvledger] NewProvider -> INFO 003 Initializing ledger provider
peer0.org1.example.com | 2018-12-21 07:22:09.466 UTC [kvledger] NewProvider -> INFO 004 ledger provider Initialized
peer0.org1.example.com | 2018-12-21 07:22:09.485 UTC [ledgermgmt] initialize -> INFO 005 ledger mgmt initialized
peer0.org1.example.com | 2018-12-21 07:22:09.485 UTC [peer] func1 -> INFO 006 Auto-detected peer address: 172.26.0.3:7051
peer0.org1.example.com | 2018-12-21 07:22:09.486 UTC [peer] func1 -> INFO 007 Returning peer0.org1.example.com:7051
peer0.org1.example.com | 2018-12-21 07:22:09.486 UTC [peer] func1 -> INFO 008 Auto-detected peer address: 172.26.0.3:7051
peer0.org1.example.com | 2018-12-21 07:22:09.486 UTC [peer] func1 -> INFO 009 Returning peer0.org1.example.com:7051
peer0.org1.example.com | 2018-12-21 07:22:09.487 UTC [nodeCmd] serve -> INFO 00a Starting peer with TLS enabled
peer0.org1.example.com | 2018-12-21 07:22:09.487 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 00b Entering computeChaincodeEndpoint with peerHostname: peer0.org1.example.com
peer0.org1.example.com | 2018-12-21 07:22:09.488 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 00c Exit with ccEndpoint: peer0.org1.example.com:7052
peer0.org1.example.com | 2018-12-21 07:22:09.488 UTC [nodeCmd] createChaincodeServer -> WARN 00d peer.chaincodeListenAddress is not set, using peer0.org1.example.com:7052
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 00e system chaincode lscc(github.com/hyperledger/fabric/core/scc/lscc) registered
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 00f system chaincode cscc(github.com/hyperledger/fabric/core/scc/cscc) registered
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 010 system chaincode qscc(github.com/hyperledger/fabric/core/scc/qscc) registered
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 011 system chaincode +lifecycle(github.com/hyperledger/fabric/core/chaincode/lifecycle) registered
peer0.org1.example.com | 2018-12-21 07:22:09.492 UTC [gossip/service] func1 -> INFO 012 Initialize gossip with endpoint peer0.org1.example.com:7051 and bootstrap set [peer1.org1.example.com:7051]
peer0.org1.example.com | 2018-12-21 07:22:09.494 UTC [gossip/gossip] NewGossipService -> INFO 013 Creating gossip service with self membership of {peer0.org1.example.com:7051 [] [132 133 191 71 241 248 154 220 155 96 230 124 237 186 150 131 247 243 69 99 70 223 16 116 157 162 26 216 63 117 58 153] peer0.org1.example.com:7051 <nil> <nil>}
peer0.org1.example.com | 2018-12-21 07:22:09.495 UTC [gossip/gossip] start -> INFO 014 Gossip instance peer0.org1.example.com:7051 started
peer0.org1.example.com | 2018-12-21 07:22:09.495 UTC [sccapi] deploySysCC -> INFO 015 system chaincode lscc/(github.com/hyperledger/fabric/core/scc/lscc) deployed
peer0.org1.example.com | fatal error: unexpected signal during runtime execution
peer0.org1.example.com | [signal SIGSEGV: segmentation violation code=0x1 addr=0x63 pc=0x7fd604040259]
peer0.org1.example.com |
peer0.org1.example.com | runtime stack:
peer0.org1.example.com | runtime.throw(0x111434c, 0x2a)
peer0.org1.example.com | /opt/go/src/runtime/panic.go:616 +0x81
peer0.org1.example.com | runtime.sigpanic()
peer0.org1.example.com | /opt/go/src/runtime/signal_unix.go:372 +0x28e

This is kind of a general error which occurs in fabric. I remember getting BAD Request
error on subsequent execution of peer channel create command when the first one took a bit longer and the request got timed out. However, in this case, the error says that the channel create request is not able to satisfy the implicit policy - i.e., doesn't have appropriate permissions to execute the command. Try setting the msp path in the peer to admin folder, using export CORE_PEER_MSPCONFIGPATH=<path to admin msp>, such that peer signs the channel create command with admincerts instead of peer certificates. Here is an useful link explaining the issue in detail - peer channel creation fails in Hyperledger Fabric

Checked each container log files, paths were incorrect - adjusting peer template to 2 fixed it

Related

How to connect to Hyperledger Fabric Gateway Service (new in HF 2.4) with TLS enabled?

I have a Hyperlegder Fabric network set-up which is operating fine as long as I don't use new Fabric-Gateway SDK (https://hyperledger-fabric.readthedocs.io/en/release-2.4/gateway.html).
I upgraded my network from 2.3.1 to 2.4.1 and wanted to try the new SDK, but cannot connect to the Peer. Below I give some details of my configuration.
Peer-base docker service:
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
- FABRIC_LOGGING_SPEC=info:gateway,comm,comm.grpc,comm.grpc.server=debug
- CORE_CHAINCODE_LOGGING_LEVEL=info
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=***
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=***
- CORE_METRICS_PROVIDER=prometheus
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:7055
- CORE_PEER_GATEWAY_ENABLED=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
volumes:
- ./config:/etc/hyperledger/configtx
- /var/run/:/host/var/run/
networks:
- basic
restart: always
After migrating to 2.4.1, I added CORE_PEER_GATEWAY_ENABLED=true.
The peer docker service, which extends the peer-base:
peer0.org1.tcash.com:
container_name: peer0.org1.tcash.com
extends:
file: docker-compose-org1-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.tcash.com
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_ADDRESS=peer0.org1.tcash.com:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.tcash.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=test2.tcash.sigmacomp.pl:7051
- CORE_PEER_GOSSIP_ENDPOINT=test2.tcash.sigmacomp.pl:7051
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.org1.tcash.com:5984
ports:
- 7051:7051
- 7053:7053
- 7055:7055
volumes:
- ./crypto-config/peerOrganizations/org1.tcash.com/peers/peer0.org1.tcash.com:/etc/hyperledger/peer
- ./persistence/peer0.org1.tcash.com/:/var/hyperledger/production
depends_on:
- couchdb0.org1.tcash.com
extra_hosts:
- orderer0.tcash.com:146.59.17.169
- orderer1.tcash.com:146.59.17.169
- orderer2.tcash.com:146.59.17.169
- orderer3.tcash.com:146.59.17.169
- orderer4.tcash.com:146.59.17.169
- peer2.org1.tcash.com:51.195.202.90
- peer3.org1.tcash.com:51.195.202.90
- peer4.org1.tcash.com:51.68.172.244
- peer5.org1.tcash.com:51.68.172.244
No changes have been made here during migration to 2.4.1.
I can see in the Peer logs, that new gateway service has been started:
2022-01-21 12:34:09.177 UTC 0023 INFO [nodeCmd] serve -> Starting peer with Gateway enabled
2022-01-21 12:34:09.177 UTC 0024 INFO [nodeCmd] serve -> Starting peer with ID=[peer0.org1.tcash.com], network ID=[dev], address=[peer0.org1.tcash.com:7051]
2022-01-21 12:34:09.177 UTC 0025 INFO [nodeCmd] func7 -> Starting profiling server with listenAddress = 0.0.0.0:6060
2022-01-21 12:34:09.177 UTC 0026 INFO [nodeCmd] serve -> Started peer with ID=[peer0.org1.tcash.com], network ID=[dev], address=[peer0.org1.tcash.com:7051]
After deploying the network, I try to run the transaction with the following code (NodeJS):
'use strict';
const fs = require('fs');
const crypto = require('crypto');
const grpc =require('#grpc/grpc-js');
const { connect, signers } = require('#hyperledger/fabric-gateway');
async function main() {
// Main try/catch block
try {
const credentials = fs.readFileSync('walletOffline/user.cert.pem');
const identity = { mspId: 'Org1MSP', credentials };
const privateKeyPem = fs.readFileSync('walletOffline/user.key.pem');
const privateKey = crypto.createPrivateKey(privateKeyPem);
const signer = signers.newPrivateKeySigner(privateKey);
const ccpJSON = fs.readFileSync('connection.json');
const ccp = JSON.parse(ccpJSON);
const peerName = ccp.organizations.org1.peers[0];
const peerAddress = ccp.peers[peerName].url.replace('grpcs://', '');
const tlsCACert = ccp.peers[peerName].tlsCACerts.pem;
const grpcOptions = ccp.peers[peerName].grpcOptions;
const tlsRootCert = Buffer.from(tlsCACert);
const tlsCredentials = grpc.credentials.createSsl(tlsRootCert);
const client = new grpc.Client(peerAddress, tlsCredentials, grpcOptions);
const gateway = connect({identity, signer, client});
const network = gateway.getNetwork('tcashchannel');
const contract = network.getContract('tcash');
const result = await contract.evaluateTransaction('queryAccountState', '100', '');
console.log('result: ' + result);
} catch (error) {
console.log('Error: ' + error);
console.log(error.stack);
}
}
main();
As you can see, I am extracting connection parameters from the JSON connection profile. This connection profile I use with the 'old' HF Node SDK and it's working without issues. However running this code gives me the following error from contract.evaluateTransaction() after 120 seconds timeout:
GatewayError: 14 UNAVAILABLE: failed to create new connection: context deadline exceeded
at newGatewayError (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#hyperledger/fabric-gateway/dist/gatewayerror.js:40:12)
at Object.callback (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#hyperledger/fabric-gateway/dist/client.js:81:67)
at Object.onReceiveStatus (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/client.js:180:36)
at Object.onReceiveStatus (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:365:141)
at Object.onReceiveStatus (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:328:181)
at /Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/call-stream.js:182:78
at processTicksAndRejections (internal/process/task_queues.js:77:11)
I can also see the corresponding entry in the peer logs:
2022-01-21 14:24:14.961 UTC 007e INFO [comm.grpc.server] 1 -> unary call completed grpc.service=gateway.Gateway grpc.method=Evaluate grpc.peer_address=178.183.68.178:54151 error="rpc error: code = Unavailable desc = failed to create new connection: context deadline exceeded" grpc.code=Unavailable grpc.call_duration=2m0.00087636s
There are no errors or warnings in the peer log.
EDIT:
After switching logging level to DEBUG and filtering it out, I came across the following part:
2022-01-27 13:38:19.217 UTC 67af DEBU [core.comm] ServerHandshake -> Server TLS handshake completed in 69.892651ms server=PeerServer remoteaddress=178.183.68.178:58755
2022-01-27 13:38:19.356 UTC 67b0 DEBU [lockbasedtxmgr] newQueryExecutor -> constructing new query executor txid = [407898ef-0004-4f25-be10-b603a2aaf919]
2022-01-27 13:38:19.357 UTC 67b1 DEBU [statecouchdb] GetState -> GetState(). ns=, key=CHANNEL_CONFIG_ENV_BYTES
2022-01-27 13:38:19.358 UTC 67b2 DEBU [lockbasedtxmgr] Done -> Done with transaction simulation / query execution [407898ef-0004-4f25-be10-b603a2aaf919]
2022-01-27 13:38:19.358 UTC [grpc] WarningDepth -> DEBU 02f [core]Adjusting keepalive ping interval to minimum period of 10s
2022-01-27 13:38:19.359 UTC [grpc] InfoDepth -> DEBU 030 [core]parsed scheme: ""
2022-01-27 13:38:19.359 UTC [grpc] InfoDepth -> DEBU 031 [core]scheme "" not registered, fallback to default scheme
2022-01-27 13:38:19.359 UTC [grpc] InfoDepth -> DEBU 032 [core]ccResolverWrapper: sending update to cc: {[{test2.tcash.sigmacomp.pl:8051 <nil> 0 <nil>}] <nil> <nil>}
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 033 [core]ClientConn switching balancer to "pick_first"
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 034 [core]Channel switches to new LB policy "pick_first"
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 035 [core]Subchannel Connectivity change to CONNECTING
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 036 [core]pickfirstBalancer: UpdateSubConnState: 0xc002ed2b30, {CONNECTING <nil>}
2022-01-27 13:38:19.361 UTC [grpc] InfoDepth -> DEBU 037 [core]Channel Connectivity change to CONNECTING
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 038 [core]Subchannel picks a new address "test2.tcash.sigmacomp.pl:8051" to connect
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 039 [core]Subchannel Connectivity change to TRANSIENT_FAILURE
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 03a [core]pickfirstBalancer: UpdateSubConnState: 0xc002ed2b30, {TRANSIENT_FAILURE connection closed}
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 03b [core]Channel Connectivity change to TRANSIENT_FAILURE
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 03c [transport]transport: loopyWriter.run returning. connection error: desc = "transport is closing"
EDIT 2:
I noticed that there are some errors in peer logs belonging to the other peers in the network (not the one which is called by the client application and running the Gateway service). It seems that there is a problem with establishment of TLS between peers when using Gateway SDK:
2022-02-10 14:36:24.934 UTC 24b0 DEBU [gossip.comm] func1 -> Got message: GossipMessage: Channel: , nonce: 0, tag: CHAN_OR_ORG state_info_pull_req: Channel MAC:23b92135be842b052b823a7c87853436fb579040416405d4fdfd0b6db0aa02d9, Envelope: 39 bytes, Signature: 0 bytes
2022-02-10 14:36:24.934 UTC 24b1 DEBU [gossip.gossip] handleMessage -> Entering, 54.37.226.59:7051 5c2af6d536100ada4e7f1829978c7f0163a6589f47f44207aa51a84987fe6a5b sent us GossipMessage: Channel: , nonce: 0, tag: CHAN_OR_ORG state_info_pull_req: Channel MAC:23b92135be842b052b823a7c87853436fb579040416405d4fdfd0b6db0aa02d9, Envelope: 39 bytes, Signature: 0 bytes
2022-02-10 14:36:24.935 UTC 24b2 DEBU [gossip.gossip] handleMessage -> Exiting
2022-02-10 14:36:24.942 UTC 24b3 ERRO [core.comm] ServerHandshake -> Server TLS handshake failed in 15.541µs with error tls: first record does not look like a TLS handshake server=PeerServer remoteaddress=172.24.0.1:36394
2022-02-10 14:36:24.942 UTC [grpc] WarningDepth -> DEBU 04e [core]grpc: Server.Serve failed to complete security handshake from "172.24.0.1:36394": tls: first record does not look like a TLS handshake
I suspect that there is some piece of configuration which is required for this feature to work, which I am missing. I will appreciate if anyone can help me find it.
It looks like the gateway peer is failing to connect to another endorsing peer in the network. Are you seeing any gossip communication between the peers in the logs?
Try reducing the dialTimeout to something less than the endorsementTimeout in the core.yaml and see if it connects to the other peers.

Chaincode as external service with TLS: installed but query doesn't find it?

In the Fabric docs example for a bin/release script, there's the comment
if tls_required is true, copy TLS files (using above example, the fully qualified path for these fils would be "$RELEASE"/chaincode/server/tls)
But which files should be put there? How do they have to be named? Are they referenced somewhere? Altogether I even don't understand why they're needed anyway. We already have all certficates in the connection.json on the peer side and also TLS certficates referenced by the ChaincodeServer on the chaincode side.
I'm asking because I can't invoke my chaincode and since I don't have additional certificates within the $RELEASE folder, that might cause the problem.
This is happening on chaincode query at the CLI:
$ export CORE_PEER_MSPCONFIGPATH=/config/admin/msp
$ peer chaincode query -C channel1 -n cc-abac -c '{"Args":["query","a"]}' --clientauth --tls --cafile /config/peer/tls-msp/tlscacerts/ca-cert.pem --keyfile /config/peer/tls-msp/keystore/key.pem --certfile /config/peer/tls-msp/signcerts/cert.pem
2020-07-06 07:20:55.290 UTC [msp] loadCertificateAt -> WARN 001 Failed loading ClientOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:20:55.290 UTC [msp] loadCertificateAt -> WARN 002 Failed loading PeerOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:20:55.290 UTC [msp] loadCertificateAt -> WARN 003 Failed loading AdminOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:20:55.291 UTC [msp] loadCertificateAt -> WARN 004 Failed loading OrdererOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 005 parsed scheme: ""
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 006 scheme "" not registered, fallback to default scheme
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 007 ccResolverWrapper: sending update to cc: {[{org1-peer1:30151 <nil> 0 <nil>}] <nil> <nil>}
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 008 ClientConn switching balancer to "pick_first"
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 009 Channel switches to new LB policy "pick_first"
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 00a Subchannel Connectivity change to CONNECTING
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 00b Subchannel picks a new address "org1-peer1:30151" to connect
2020-07-06 07:20:55.302 UTC [grpc] UpdateSubConnState -> DEBU 00c pickfirstBalancer: HandleSubConnStateChange: 0xc0001aff40, {CONNECTING <nil>}
2020-07-06 07:20:55.302 UTC [grpc] Infof -> DEBU 00d Channel Connectivity change to CONNECTING
2020-07-06 07:20:55.310 UTC [grpc] Infof -> DEBU 00e Subchannel Connectivity change to READY
2020-07-06 07:20:55.310 UTC [grpc] UpdateSubConnState -> DEBU 00f pickfirstBalancer: HandleSubConnStateChange: 0xc0001aff40, {READY <nil>}
2020-07-06 07:20:55.310 UTC [grpc] Infof -> DEBU 010 Channel Connectivity change to READY
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 011 parsed scheme: ""
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 012 scheme "" not registered, fallback to default scheme
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 013 ccResolverWrapper: sending update to cc: {[{org1-peer1:30151 <nil> 0 <nil>}] <nil> <nil>}
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 014 ClientConn switching balancer to "pick_first"
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 015 Channel switches to new LB policy "pick_first"
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 016 Subchannel Connectivity change to CONNECTING
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 017 Subchannel picks a new address "org1-peer1:30151" to connect
2020-07-06 07:20:55.315 UTC [grpc] UpdateSubConnState -> DEBU 018 pickfirstBalancer: HandleSubConnStateChange: 0xc0003447f0, {CONNECTING <nil>}
2020-07-06 07:20:55.315 UTC [grpc] Infof -> DEBU 019 Channel Connectivity change to CONNECTING
2020-07-06 07:20:55.320 UTC [grpc] Infof -> DEBU 01a Subchannel Connectivity change to READY
2020-07-06 07:20:55.320 UTC [grpc] UpdateSubConnState -> DEBU 01b pickfirstBalancer: HandleSubConnStateChange: 0xc0003447f0, {READY <nil>}
2020-07-06 07:20:55.320 UTC [grpc] Infof -> DEBU 01c Channel Connectivity change to READY
Error: endorsement failure during query. response: status:500 message:"make sure the chaincode cc-abac has been successfully defined on channel channel1 and try again: chaincode definition for 'cc-abac' exists, but chaincode is not installed"
Ok, let's check if it's installed:
$ peer lifecycle chaincode queryinstalled
2020-07-06 07:27:54.192 UTC [msp] loadCertificateAt -> WARN 001 Failed loading ClientOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:27:54.192 UTC [msp] loadCertificateAt -> WARN 002 Failed loading PeerOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:27:54.192 UTC [msp] loadCertificateAt -> WARN 003 Failed loading AdminOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:27:54.193 UTC [msp] loadCertificateAt -> WARN 004 Failed loading OrdererOU certificate at [/config/admin/msp]: [could not read file /config/admin/msp: read /config/admin/msp: is a directory]
2020-07-06 07:27:54.201 UTC [grpc] Infof -> DEBU 005 parsed scheme: ""
2020-07-06 07:27:54.201 UTC [grpc] Infof -> DEBU 006 scheme "" not registered, fallback to default scheme
2020-07-06 07:27:54.201 UTC [grpc] Infof -> DEBU 007 ccResolverWrapper: sending update to cc: {[{org1-peer1:30151 <nil> 0 <nil>}] <nil> <nil>}
2020-07-06 07:27:54.201 UTC [grpc] Infof -> DEBU 008 ClientConn switching balancer to "pick_first"
2020-07-06 07:27:54.201 UTC [grpc] Infof -> DEBU 009 Channel switches to new LB policy "pick_first"
2020-07-06 07:27:54.201 UTC [grpc] Infof -> DEBU 00a Subchannel Connectivity change to CONNECTING
2020-07-06 07:27:54.202 UTC [grpc] Infof -> DEBU 00b Subchannel picks a new address "org1-peer1:30151" to connect
2020-07-06 07:27:54.202 UTC [grpc] UpdateSubConnState -> DEBU 00c pickfirstBalancer: HandleSubConnStateChange: 0xc000447800, {CONNECTING <nil>}
2020-07-06 07:27:54.202 UTC [grpc] Infof -> DEBU 00d Channel Connectivity change to CONNECTING
2020-07-06 07:27:54.209 UTC [grpc] Infof -> DEBU 00e Subchannel Connectivity change to READY
2020-07-06 07:27:54.209 UTC [grpc] UpdateSubConnState -> DEBU 00f pickfirstBalancer: HandleSubConnStateChange: 0xc000447800, {READY <nil>}
2020-07-06 07:27:54.209 UTC [grpc] Infof -> DEBU 010 Channel Connectivity change to READY
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 011 parsed scheme: ""
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 012 scheme "" not registered, fallback to default scheme
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 013 ccResolverWrapper: sending update to cc: {[{org1-peer1:30151 <nil> 0 <nil>}] <nil> <nil>}
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 014 ClientConn switching balancer to "pick_first"
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 015 Channel switches to new LB policy "pick_first"
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 016 Subchannel Connectivity change to CONNECTING
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 017 Subchannel picks a new address "org1-peer1:30151" to connect
2020-07-06 07:27:54.213 UTC [grpc] UpdateSubConnState -> DEBU 018 pickfirstBalancer: HandleSubConnStateChange: 0xc0000da8f0, {CONNECTING <nil>}
2020-07-06 07:27:54.213 UTC [grpc] Infof -> DEBU 019 Channel Connectivity change to CONNECTING
2020-07-06 07:27:54.219 UTC [grpc] Infof -> DEBU 01a Subchannel Connectivity change to READY
2020-07-06 07:27:54.219 UTC [grpc] UpdateSubConnState -> DEBU 01b pickfirstBalancer: HandleSubConnStateChange: 0xc0000da8f0, {READY <nil>}
2020-07-06 07:27:54.219 UTC [grpc] Infof -> DEBU 01c Channel Connectivity change to READY
Installed chaincodes on peer:
Package ID: cc-abac:7f7a2b755874ef0c72e6d1eb467f6e65afb488994c80a75f3c5712fcdc9ee095, Label: cc-abac
So it's installed but the query command doesn't find it?
And yes - it's installed on the correct channel:
$ peer lifecycle chaincode querycommitted --channelID channel1 --name cc-abac --cafile /config/peer/tls-msp/tlscacerts/ca-cert.pem
Committed chaincode definition for chaincode 'cc-abac' on channel 'channel1':
Version: 1.0, Sequence: 1, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true, Org3MSP: true]
This is the peer log at the time of the query:
[36m2020-07-06 07:31:23.605 UTC [lockbasedtxmgr] NewTxSimulator -> DEBU 12a6[0m constructing new tx simulator
[36m2020-07-06 07:31:23.605 UTC [lockbasedtxmgr] newLockBasedTxSimulator -> DEBU 12a7[0m constructing new tx simulator txid = [ed5b5de845b99b8b126e1b10d05df3849b9b108c83435f4225fc47c9a3b841c7]
[36m2020-07-06 07:31:23.605 UTC [stateleveldb] GetState -> DEBU 12a8[0m GetState(). ns=_lifecycle, key=namespaces/fields/cc-abac/Sequence
[36m2020-07-06 07:31:23.605 UTC [lockbasedtxmgr] Done -> DEBU 12a9[0m Done with transaction simulation / query execution [ed5b5de845b99b8b126e1b10d05df3849b9b108c83435f4225fc47c9a3b841c7]
[34m2020-07-06 07:31:23.605 UTC [comm.grpc.server] 1 -> INFO 12aa[0m unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.131.0.100:51580 grpc.peer_subject="CN=org1-peer1,OU=peer,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=2.128156ms
[36m2020-07-06 07:31:23.608 UTC [grpc] infof -> DEBU 12ab[0m transport: loopyWriter.run returning. connection error: desc = "transport is closing"
[36m2020-07-06 07:31:23.608 UTC [grpc] warningf -> DEBU 12ac[0m transport: http2Server.HandleStreams failed to read frame: read tcp 10.130.1.219:7051->10.131.0.100:51580: read: connection reset by peer
[36m2020-07-06 07:31:23.608 UTC [grpc] infof -> DEBU 12ad[0m transport: loopyWriter.run returning. connection error: desc = "transport is closing"
10.131.0.100 is the calling CLI and 10.130.1.219 is the peer. So is there a connection problem between CLI and Peer?
Coming back to the first paragraph of this question - this is the connection.json available to the peer:
{
"address": "org1-cc1:31101",
"dial_timeout": "10s",
"tls_required": "true",
"client_auth_required": "true",
"client_key": "-----BEGIN PRIVATE KEY-----\nxxx\nxxx\nxxx\n-----END PRIVATE KEY-----",
"client_cert": "-----BEGIN CERTIFICATE-----\nxxx/xxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx/xxxn\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx=\n-----END CERTIFICATE-----",
"root_cert": "-----BEGIN CERTIFICATE-----\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\nxxx\n-----END CERTIFICATE-----"
}
Of course, xxx are just placeholders ;)
The Chaincode main() looks as follows:
func main() {
keyFile := os.Getenv("CHAINCODE_TLS_KEY_FILE")
key, err := ioutil.ReadFile(keyFile)
check(err)
certFile := os.Getenv("CHAINCODE_TLS_CERT_FILE")
cert, err := ioutil.ReadFile(certFile)
check(err)
caFile := os.Getenv("CHAINCODE_TLS_CACERT_FILE")
ca, err := ioutil.ReadFile(caFile)
check(err)
server := &shim.ChaincodeServer{
CCID: os.Getenv("CHAINCODE_CCID"),
Address: "0.0.0.0:9999",
CC: new(SimpleChaincode),
TLSProps: shim.TLSProperties{
Disabled: false,
Key: key,
Cert: cert,
ClientCACerts: ca,
},
}
err = server.Start()
if err != nil {
fmt.Printf("Error starting Simple chaincode: %s", err)
}
}

Error : issue while using createChannel command

I've been following the tutorial for the Hyperledger Fabric development
but i have this error message while trying the command ./network.sh createChannel:
Error: failed to create deliver client for orderer: orderer client failed to connect to localhost:7050: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp [::1]:7050: connectex: Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée."
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
The French part means that no connection can be established cause the targeted computer has refused it.
After searching a bit there might be an issue with the ports or ip addresses but not sure.
My logs for the different components :
Orderer service :
2020-05-27 09:13:16.388 UTC [localconfig] completeInitialization -> WARN 001 General.GenesisFile should be replaced by General.BootstrapFile
2020-05-27 09:13:16.389 UTC [localconfig] completeInitialization -> INFO 002 Kafka.Version unset, setting to 0.10.2.0
2020-05-27 09:13:16.389 UTC [orderer.common.server] prettyPrintStruct -> INFO 003 Orderer config values:
General.ListenAddress = "0.0.0.0"
General.ListenPort = 7050
General.TLS.Enabled = true
General.TLS.PrivateKey = "/var/hyperledger/orderer/tls/server.key"
General.TLS.Certificate = "/var/hyperledger/orderer/tls/server.crt"
General.TLS.RootCAs = [/var/hyperledger/orderer/tls/ca.crt]
General.TLS.ClientAuthRequired = false
General.TLS.ClientRootCAs = []
General.Cluster.ListenAddress = ""
General.Cluster.ListenPort = 0
General.Cluster.ServerCertificate = ""
General.Cluster.ServerPrivateKey = ""
General.Cluster.ClientCertificate = "/var/hyperledger/orderer/tls/server.crt"
General.Cluster.ClientPrivateKey = "/var/hyperledger/orderer/tls/server.key"
General.Cluster.RootCAs = [/var/hyperledger/orderer/tls/ca.crt]
General.Cluster.DialTimeout = 5s
General.Cluster.RPCTimeout = 7s
General.Cluster.ReplicationBufferSize = 20971520
General.Cluster.ReplicationPullTimeout = 5s
General.Cluster.ReplicationRetryTimeout = 5s
General.Cluster.ReplicationBackgroundRefreshInterval = 5m0s
General.Cluster.ReplicationMaxRetries = 12
General.Cluster.SendBufferSize = 10
General.Cluster.CertExpirationWarningThreshold = 168h0m0s
General.Cluster.TLSHandshakeTimeShift = 0s
General.Keepalive.ServerMinInterval = 1m0s
General.Keepalive.ServerInterval = 2h0m0s
General.Keepalive.ServerTimeout = 20s
General.ConnectionTimeout = 0s
General.GenesisMethod = "file"
General.GenesisFile = "/var/hyperledger/orderer/orderer.genesis.block"
General.BootstrapMethod = "file"
General.BootstrapFile = "/var/hyperledger/orderer/orderer.genesis.block"
General.Profile.Enabled = false
General.Profile.Address = "0.0.0.0:6060"
General.LocalMSPDir = "/var/hyperledger/orderer/msp"
General.LocalMSPID = "OrdererMSP"
General.BCCSP.ProviderName = "SW"
General.BCCSP.SwOpts.SecLevel = 256
General.BCCSP.SwOpts.HashFamily = "SHA2"
General.BCCSP.SwOpts.Ephemeral = true
General.BCCSP.SwOpts.FileKeystore.KeyStorePath = ""
General.BCCSP.SwOpts.DummyKeystore =
General.BCCSP.SwOpts.InmemKeystore =
General.Authentication.TimeWindow = 15m0s
General.Authentication.NoExpirationChecks = false
FileLedger.Location = "/var/hyperledger/production/orderer"
FileLedger.Prefix = "hyperledger-fabric-ordererledger"
Kafka.Retry.ShortInterval = 5s
Kafka.Retry.ShortTotal = 10m0s
Kafka.Retry.LongInterval = 5m0s
Kafka.Retry.LongTotal = 12h0m0s
Kafka.Retry.NetworkTimeouts.DialTimeout = 10s
Kafka.Retry.NetworkTimeouts.ReadTimeout = 10s
Kafka.Retry.NetworkTimeouts.WriteTimeout = 10s
Kafka.Retry.Metadata.RetryMax = 3
Kafka.Retry.Metadata.RetryBackoff = 250ms
Kafka.Retry.Producer.RetryMax = 3
Kafka.Retry.Producer.RetryBackoff = 100ms
Kafka.Retry.Consumer.RetryBackoff = 2s
Kafka.Verbose = true
Kafka.Version = 0.10.2.0
Kafka.TLS.Enabled = false
Kafka.TLS.PrivateKey = ""
Kafka.TLS.Certificate = ""
Kafka.TLS.RootCAs = []
Kafka.TLS.ClientAuthRequired = false
Kafka.TLS.ClientRootCAs = []
Kafka.SASLPlain.Enabled = false
Kafka.SASLPlain.User = ""
Kafka.SASLPlain.Password = ""
Kafka.Topic.ReplicationFactor = 1
Debug.BroadcastTraceDir = ""
Debug.DeliverTraceDir = ""
Consensus = map[SnapDir:/var/hyperledger/production/orderer/etcdraft/snapshot WALDir:/var/hyperledger/production/orderer/etcdraft/wal]
Operations.ListenAddress = "127.0.0.1:8443"
Operations.TLS.Enabled = false
Operations.TLS.PrivateKey = ""
Operations.TLS.Certificate = ""
Operations.TLS.RootCAs = []
Operations.TLS.ClientAuthRequired = false
Operations.TLS.ClientRootCAs = []
Metrics.Provider = "disabled"
Metrics.Statsd.Network = "udp"
Metrics.Statsd.Address = "127.0.0.1:8125"
Metrics.Statsd.WriteInterval = 30s
Metrics.Statsd.Prefix = ""
2020-05-27 09:13:16.400 UTC [msp] loadCertificateAt -> WARN 004 Failed loading ClientOU certificate at [/var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem]: [could not read file /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: open /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.400 UTC [msp] loadCertificateAt -> WARN 005 Failed loading PeerOU certificate at [/var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem]: [could not read file /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: open /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.400 UTC [msp] loadCertificateAt -> WARN 006 Failed loading AdminOU certificate at [/var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem]: [could not read file /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: open /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.400 UTC [msp] loadCertificateAt -> WARN 007 Failed loading OrdererOU certificate at [/var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem]: [could not read file /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: open /var/hyperledger/orderer/msp/cacerts\ca.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.434 UTC [orderer.common.server] initializeServerConfig -> INFO 008 Starting orderer with TLS enabled
2020-05-27 09:13:16.441 UTC [fsblkstorage] NewProvider -> INFO 009 Creating new file ledger directory at /var/hyperledger/production/orderer/chains
2020-05-27 09:13:16.464 UTC [orderer.common.server] extractSysChanLastConfig -> INFO 00a Bootstrapping because no existing channels
2020-05-27 09:13:16.483 UTC [orderer.common.server] Main -> INFO 00b Setting up cluster for orderer type etcdraft
2020-05-27 09:13:16.490 UTC [orderer.common.server] reuseListener -> INFO 00c Cluster listener is not configured, defaulting to use the general listener on port 7050
2020-05-27 09:13:16.490 UTC [fsblkstorage] newBlockfileMgr -> INFO 00d Getting block information from block storage
2020-05-27 09:13:16.529 UTC [orderer.consensus.etcdraft] HandleChain -> INFO 00e EvictionSuspicion not set, defaulting to 10m0s
2020-05-27 09:13:16.530 UTC [orderer.consensus.etcdraft] createOrReadWAL -> INFO 00f No WAL data found, creating new WAL at path '/var/hyperledger/production/orderer/etcdraft/wal/system-channel' channel=system-channel node=1
2020-05-27 09:13:16.536 UTC [orderer.commmon.multichannel] Initialize -> INFO 010 Starting system channel 'system-channel' with genesis block hash 22c93e29c38e9681f960d390fda12c72869fc9ebfebf0a6d1c15f60198b13119 and orderer type etcdraft
2020-05-27 09:13:16.537 UTC [orderer.consensus.etcdraft] Start -> INFO 011 Starting Raft node channel=system-channel node=1
2020-05-27 09:13:16.537 UTC [orderer.common.cluster] Configure -> INFO 012 Entering, channel: system-channel, nodes: []
2020-05-27 09:13:16.537 UTC [orderer.common.cluster] Configure -> INFO 013 Exiting
2020-05-27 09:13:16.537 UTC [orderer.consensus.etcdraft] start -> INFO 014 Starting raft node as part of a new channel channel=system-channel node=1
2020-05-27 09:13:16.537 UTC [orderer.consensus.etcdraft] becomeFollower -> INFO 015 1 became follower at term 0 channel=system-channel node=1
2020-05-27 09:13:16.538 UTC [orderer.consensus.etcdraft] newRaft -> INFO 016 newRaft 1 [peers: [], term: 0, commit: 0, applied: 0, lastindex: 0, lastterm: 0] channel=system-channel node=1
2020-05-27 09:13:16.538 UTC [orderer.consensus.etcdraft] becomeFollower -> INFO 017 1 became follower at term 1 channel=system-channel node=1
2020-05-27 09:13:16.538 UTC [orderer.common.server] Main -> INFO 018 Starting orderer:
Version: 2.1.0
Commit SHA: 1bdf975
Go version: go1.14.1
OS/Arch: linux/amd64
2020-05-27 09:13:16.538 UTC [orderer.common.server] Main -> INFO 019 Beginning to serve requests
2020-05-27 09:13:16.538 UTC [orderer.consensus.etcdraft] run -> INFO 01a This node is picked to start campaign channel=system-channel node=1
2020-05-27 09:13:16.539 UTC [orderer.consensus.etcdraft] apply -> INFO 01b Applied config change to add node 1, current nodes in channel: [1] channel=system-channel node=1
2020-05-27 09:13:17.539 UTC [orderer.consensus.etcdraft] Step -> INFO 01c 1 is starting a new election at term 1 channel=system-channel node=1
2020-05-27 09:13:17.540 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 01d 1 became pre-candidate at term 1 channel=system-channel node=1
2020-05-27 09:13:17.540 UTC [orderer.consensus.etcdraft] poll -> INFO 01e 1 received MsgPreVoteResp from 1 at term 1 channel=system-channel node=1
2020-05-27 09:13:17.540 UTC [orderer.consensus.etcdraft] becomeCandidate -> INFO 01f 1 became candidate at term 2 channel=system-channel node=1
2020-05-27 09:13:17.541 UTC [orderer.consensus.etcdraft] poll -> INFO 020 1 received MsgVoteResp from 1 at term 2 channel=system-channel node=1
2020-05-27 09:13:17.541 UTC [orderer.consensus.etcdraft] becomeLeader -> INFO 021 1 became leader at term 2 channel=system-channel node=1
2020-05-27 09:13:17.541 UTC [orderer.consensus.etcdraft] run -> INFO 022 raft.node: 1 elected leader 1 at term 2 channel=system-channel node=1
2020-05-27 09:13:17.542 UTC [orderer.consensus.etcdraft] run -> INFO 023 Leader 1 is present, quit campaign channel=system-channel node=1
2020-05-27 09:13:17.543 UTC [orderer.consensus.etcdraft] run -> INFO 024 Raft leader changed: 0 -> 1 channel=system-channel node=1
2020-05-27 09:13:17.543 UTC [orderer.consensus.etcdraft] run -> INFO 025 Start accepting requests as Raft leader at block [0] channel=system-channel node=1
Peer 1 :
2020-05-27 09:13:16.435 UTC [msp] loadCertificateAt -> WARN 001 Failed loading ClientOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.435 UTC [msp] loadCertificateAt -> WARN 002 Failed loading PeerOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.435 UTC [msp] loadCertificateAt -> WARN 003 Failed loading AdminOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.436 UTC [msp] loadCertificateAt -> WARN 004 Failed loading OrdererOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org1.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.441 UTC [nodeCmd] serve -> INFO 005 Starting peer:
Version: 2.1.0
Commit SHA: 1bdf975
Go version: go1.14.1
OS/Arch: linux/amd64
Chaincode:
Base Docker Label: org.hyperledger.fabric
Docker Namespace: hyperledger
2020-05-27 09:13:16.442 UTC [peer] getLocalAddress -> INFO 006 Auto-detected peer address: 172.18.0.3:7051
2020-05-27 09:13:16.442 UTC [peer] getLocalAddress -> INFO 007 Returning peer0.org1.example.com:7051
2020-05-27 09:13:16.469 UTC [nodeCmd] initGrpcSemaphores -> INFO 008 concurrency limit for endorser service is 2500
2020-05-27 09:13:16.470 UTC [nodeCmd] initGrpcSemaphores -> INFO 009 concurrency limit for deliver service is 2500
2020-05-27 09:13:16.470 UTC [nodeCmd] serve -> INFO 00a Starting peer with TLS enabled
2020-05-27 09:13:16.500 UTC [ledgermgmt] NewLedgerMgr -> INFO 00b Initializing LedgerMgr
2020-05-27 09:13:16.513 UTC [leveldbhelper] openDBAndCheckFormat -> INFO 00c DB is empty Setting db format as 2.0
2020-05-27 09:13:16.514 UTC [fsblkstorage] NewProvider -> INFO 00d Creating new file ledger directory at /var/hyperledger/production/ledgersData/chains/chains
2020-05-27 09:13:16.521 UTC [leveldbhelper] openDBAndCheckFormat -> INFO 00e DB is empty Setting db format as 2.0
2020-05-27 09:13:16.535 UTC [leveldbhelper] openDBAndCheckFormat -> INFO 00f DB is empty Setting db format as 2.0
2020-05-27 09:13:16.536 UTC [ledgermgmt] NewLedgerMgr -> INFO 010 Initialized LedgerMgr
2020-05-27 09:13:16.547 UTC [gossip.service] New -> INFO 011 Initialize gossip with endpoint peer0.org1.example.com:7051
2020-05-27 09:13:16.549 UTC [gossip.gossip] New -> INFO 012 Creating gossip service with self membership of Endpoint: peer0.org1.example.com:7051, InternalEndpoint: peer0.org1.example.com:7051, PKI-ID: 58df3c0a908cbbd073a6b4138ef676c652aaab118fb99179d7304206f63a0207, Metadata:
2020-05-27 09:13:16.550 UTC [lifecycle] InitializeLocalChaincodes -> INFO 013 Initialized lifecycle cache with 0 already installed chaincodes
2020-05-27 09:13:16.550 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 014 Entering computeChaincodeEndpoint with peerHostname: peer0.org1.example.com
2020-05-27 09:13:16.550 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 015 Exit with ccEndpoint: peer0.org1.example.com:7052
2020-05-27 09:13:16.550 UTC [gossip.gossip] start -> INFO 016 Gossip instance peer0.org1.example.com:7051 started
2020-05-27 09:13:16.560 UTC [sccapi] DeploySysCC -> INFO 017 deploying system chaincode 'lscc'
2020-05-27 09:13:16.560 UTC [sccapi] DeploySysCC -> INFO 018 deploying system chaincode 'cscc'
2020-05-27 09:13:16.560 UTC [sccapi] DeploySysCC -> INFO 019 deploying system chaincode 'qscc'
2020-05-27 09:13:16.560 UTC [sccapi] DeploySysCC -> INFO 01a deploying system chaincode '_lifecycle'
2020-05-27 09:13:16.560 UTC [nodeCmd] serve -> INFO 01b Deployed system chaincodes
2020-05-27 09:13:16.560 UTC [discovery] NewService -> INFO 01c Created with config TLS: true, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000
2020-05-27 09:13:16.560 UTC [nodeCmd] registerDiscoveryService -> INFO 01d Discovery service activated
2020-05-27 09:13:16.560 UTC [nodeCmd] serve -> INFO 01e Starting peer with ID=[peer0.org1.example.com], network ID=[dev], address=[peer0.org1.example.com:7051]
2020-05-27 09:13:16.560 UTC [nodeCmd] serve -> INFO 01f Started peer with ID=[peer0.org1.example.com], network ID=[dev], address=[peer0.org1.example.com:7051]
2020-05-27 09:13:16.560 UTC [kvledger] LoadPreResetHeight -> INFO 020 Loading prereset height from path [/var/hyperledger/production/ledgersData/chains]
2020-05-27 09:13:16.561 UTC [fsblkstorage] preResetHtFiles -> INFO 021 No active channels passed
2020-05-27 09:13:16.561 UTC [nodeCmd] func6 -> INFO 022 Starting profiling server with listenAddress = 0.0.0.0:6060
Peer 2 :
2020-05-27 09:13:16.409 UTC [msp] loadCertificateAt -> WARN 001 Failed loading ClientOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.410 UTC [msp] loadCertificateAt -> WARN 002 Failed loading PeerOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.410 UTC [msp] loadCertificateAt -> WARN 003 Failed loading AdminOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.410 UTC [msp] loadCertificateAt -> WARN 004 Failed loading OrdererOU certificate at [/etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem]: [could not read file /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: open /etc/hyperledger/fabric/msp/cacerts\ca.org2.example.com-cert.pem: no such file or directory]
2020-05-27 09:13:16.420 UTC [nodeCmd] serve -> INFO 005 Starting peer:
Version: 2.1.0
Commit SHA: 1bdf975
Go version: go1.14.1
OS/Arch: linux/amd64
Chaincode:
Base Docker Label: org.hyperledger.fabric
Docker Namespace: hyperledger
2020-05-27 09:13:16.421 UTC [peer] getLocalAddress -> INFO 006 Auto-detected peer address: 172.18.0.2:9051
2020-05-27 09:13:16.421 UTC [peer] getLocalAddress -> INFO 007 Returning peer0.org2.example.com:9051
2020-05-27 09:13:16.433 UTC [nodeCmd] initGrpcSemaphores -> INFO 008 concurrency limit for endorser service is 2500
2020-05-27 09:13:16.434 UTC [nodeCmd] initGrpcSemaphores -> INFO 009 concurrency limit for deliver service is 2500
2020-05-27 09:13:16.434 UTC [nodeCmd] serve -> INFO 00a Starting peer with TLS enabled
2020-05-27 09:13:16.472 UTC [ledgermgmt] NewLedgerMgr -> INFO 00b Initializing LedgerMgr
2020-05-27 09:13:16.492 UTC [leveldbhelper] openDBAndCheckFormat -> INFO 00c DB is empty Setting db format as 2.0
2020-05-27 09:13:16.493 UTC [fsblkstorage] NewProvider -> INFO 00d Creating new file ledger directory at /var/hyperledger/production/ledgersData/chains/chains
2020-05-27 09:13:16.501 UTC [leveldbhelper] openDBAndCheckFormat -> INFO 00e DB is empty Setting db format as 2.0
2020-05-27 09:13:16.528 UTC [leveldbhelper] openDBAndCheckFormat -> INFO 00f DB is empty Setting db format as 2.0
2020-05-27 09:13:16.528 UTC [ledgermgmt] NewLedgerMgr -> INFO 010 Initialized LedgerMgr
2020-05-27 09:13:16.542 UTC [gossip.service] New -> INFO 011 Initialize gossip with endpoint peer0.org2.example.com:9051
2020-05-27 09:13:16.547 UTC [gossip.gossip] New -> INFO 012 Creating gossip service with self membership of Endpoint: peer0.org2.example.com:9051, InternalEndpoint: peer0.org2.example.com:9051, PKI-ID: c7429efa7a899a8b3644235bc56251ffbfb45fe3f55fc0a4d199fd03b1521df4, Metadata:
2020-05-27 09:13:16.547 UTC [lifecycle] InitializeLocalChaincodes -> INFO 013 Initialized lifecycle cache with 0 already installed chaincodes
2020-05-27 09:13:16.548 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 014 Entering computeChaincodeEndpoint with peerHostname: peer0.org2.example.com
2020-05-27 09:13:16.548 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 015 Exit with ccEndpoint: peer0.org2.example.com:9052
2020-05-27 09:13:16.549 UTC [gossip.gossip] start -> INFO 016 Gossip instance peer0.org2.example.com:9051 started
2020-05-27 09:13:16.555 UTC [sccapi] DeploySysCC -> INFO 017 deploying system chaincode 'lscc'
2020-05-27 09:13:16.558 UTC [sccapi] DeploySysCC -> INFO 018 deploying system chaincode 'cscc'
2020-05-27 09:13:16.558 UTC [sccapi] DeploySysCC -> INFO 019 deploying system chaincode 'qscc'
2020-05-27 09:13:16.559 UTC [sccapi] DeploySysCC -> INFO 01a deploying system chaincode '_lifecycle'
2020-05-27 09:13:16.559 UTC [nodeCmd] serve -> INFO 01b Deployed system chaincodes
2020-05-27 09:13:16.559 UTC [discovery] NewService -> INFO 01c Created with config TLS: true, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000
2020-05-27 09:13:16.559 UTC [nodeCmd] registerDiscoveryService -> INFO 01d Discovery service activated
2020-05-27 09:13:16.559 UTC [nodeCmd] serve -> INFO 01e Starting peer with ID=[peer0.org2.example.com], network ID=[dev], address=[peer0.org2.example.com:9051]
2020-05-27 09:13:16.559 UTC [nodeCmd] serve -> INFO 01f Started peer with ID=[peer0.org2.example.com], network ID=[dev], address=[peer0.org2.example.com:9051]
2020-05-27 09:13:16.559 UTC [kvledger] LoadPreResetHeight -> INFO 020 Loading prereset height from path [/var/hyperledger/production/ledgersData/chains]
2020-05-27 09:13:16.559 UTC [fsblkstorage] preResetHtFiles -> INFO 021 No active channels passed
2020-05-27 09:13:16.559 UTC [nodeCmd] func6 -> INFO 022 Starting profiling server with listenAddress = 0.0.0.0:6060
There are also several warnings but don't really know their meaning.
I've tried to relaunch docker as admin , also tried to relaunch the network.

Container cli is not running,when using couchdb hyperledger fabric

I want to use chaincode-docker-devmode in fabric-samples to test my chaincode, but when I add couchdb in docker-compose-simple.yaml like this:
version: '2'
services:
orderer:
container_name: orderer
image: hyperledger/fabric-orderer
environment:
- FABRIC_LOGGING_SPEC=debug
- ORDERER_GENERAL_LISTENADDRESS=orderer
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=orderer.block
- ORDERER_GENERAL_LOCALMSPID=DEFAULT
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp
- GRPC_TRACE=all=true,
- GRPC_VERBOSITY=debug
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./msp:/etc/hyperledger/msp
- ./orderer.block:/etc/hyperledger/fabric/orderer.block
ports:
- 7050:7050
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
environment:
- COUCHDB_USER=
- COUCHDB_PASSWORD=
ports:
- 5984:5984
peer:
container_name: peer
image: hyperledger/fabric-peer
dns_search: .
environment:
- CORE_PEER_ID=peer
- CORE_PEER_ADDRESS=peer:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer:7051
- CORE_PEER_LOCALMSPID=DEFAULT
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
volumes:
- /var/run/:/host/var/run/
- ./msp:/etc/hyperledger/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
depends_on:
- orderer
- couchdb
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer:7051
- CORE_PEER_LOCALMSPID=DEFAULT
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp
working_dir: /opt/gopath/src/chaincodedev
command: /bin/bash -c './script.sh ; sleep 20'
volumes:
- /var/run/:/host/var/run/
- ./msp:/etc/hyperledger/msp
- ./../chaincode:/opt/gopath/src/chaincodedev/chaincode
- ./:/opt/gopath/src/chaincodedev/
depends_on:
- orderer
- peer
chaincode:
container_name: chaincode
image: hyperledger/fabric-ccenv
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=example02
- CORE_PEER_ADDRESS=peer:7051
- CORE_PEER_LOCALMSPID=DEFAULT
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp
working_dir: /opt/gopath/src/chaincode
command: /bin/bash -c 'sleep 6000000'
volumes:
- /var/run/:/host/var/run/
- ./msp:/etc/hyperledger/msp
- ./../chaincode:/opt/gopath/src/chaincode
depends_on:
- orderer
- peer
When I start the containers, using
docker-compose -f docker-compose-simple.yaml up
Container cil will return the error:
Error: error getting endorser client for channel: endorser client failed to connect to peer:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 172.29.0.4:7051: connect: connection refused"
some same errors are solve by add command:sleep in script,
command: /bin/bash -c 'sleep 6000000'
but my Container still return same error.
peer container's logs
2020-04-13 09:01:28.850 UTC [inproccontroller] getInstance -> DEBU 0f5 chaincode instance created for qscc-1.4.1
2020-04-13 09:01:28.850 UTC [inproccontroller] func2 -> DEBU 0f6 chaincode-support started for qscc-1.4.1
2020-04-13 09:01:28.850 UTC [inproccontroller] func1 -> DEBU 0f7 chaincode started for qscc-1.4.1
2020-04-13 09:01:28.851 UTC [chaincode] handleMessage -> DEBU 0f8 [] Fabric side handling ChaincodeMessage of type: REGISTER in state created
2020-04-13 09:01:28.851 UTC [chaincode] HandleRegister -> DEBU 0f9 Received REGISTER in state created
2020-04-13 09:01:28.851 UTC [chaincode] Register -> DEBU 0fa registered handler complete for chaincode qscc:1.4.1
2020-04-13 09:01:28.851 UTC [chaincode] HandleRegister -> DEBU 0fb Got REGISTER for chaincodeID = name:"qscc:1.4.1" , sending back REGISTERED
2020-04-13 09:01:28.851 UTC [chaincode] HandleRegister -> DEBU 0fc Changed state to established for name:"qscc:1.4.1"
2020-04-13 09:01:28.851 UTC [chaincode] sendReady -> DEBU 0fd sending READY for chaincode name:"qscc:1.4.1"
2020-04-13 09:01:28.851 UTC [chaincode] sendReady -> DEBU 0fe Changed to state ready for chaincode name:"qscc:1.4.1"
2020-04-13 09:01:28.851 UTC [chaincode] Launch -> DEBU 0ff launch complete
2020-04-13 09:01:28.851 UTC [chaincode] Execute -> DEBU 100 Entry
2020-04-13 09:01:28.851 UTC [qscc] Init -> INFO 101 Init QSCC
2020-04-13 09:01:28.851 UTC [chaincode] handleMessage -> DEBU 102 [91196774] Fabric side handling ChaincodeMessage of type: COMPLETED in state ready
2020-04-13 09:01:28.852 UTC [chaincode] Notify -> DEBU 103 [91196774] notifying Txid:91196774-4c1f-4369-b977-965de44d3d1b, channelID:
2020-04-13 09:01:28.852 UTC [chaincode] Execute -> DEBU 104 Exit
2020-04-13 09:01:28.852 UTC [sccapi] deploySysCC -> INFO 105 system chaincode qscc/(github.com/hyperledger/fabric/core/scc/qscc) deployed
2020-04-13 09:01:28.852 UTC [sccapi] deploySysCC -> INFO 106 system chaincode (+lifecycle,github.com/hyperledger/fabric/core/chaincode/lifecycle) disabled
2020-04-13 09:01:28.852 UTC [nodeCmd] serve -> INFO 107 Deployed system chaincodes
2020-04-13 09:01:28.855 UTC [ccprovider] ListInstalledChaincodes -> DEBU 108 Returning []
2020-04-13 09:01:28.850 UTC [container] unlockContainer -> DEBU 109 container lock deleted(qscc-1.4.1)
2020-04-13 09:01:28.870 UTC [container] lockContainer -> DEBU 10a waiting for container(qscc-1.4.1) lock
2020-04-13 09:01:28.870 UTC [container] lockContainer -> DEBU 10b got container (qscc-1.4.1) lock
2020-04-13 09:01:28.870 UTC [container] unlockContainer -> DEBU 10c container lock deleted(qscc-1.4.1)
2020-04-13 09:01:28.880 UTC [discovery] NewService -> INFO 10d Created with config TLS: false, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000
2020-04-13 09:01:28.880 UTC [nodeCmd] registerDiscoveryService -> INFO 10e Discovery service activated
2020-04-13 09:01:28.881 UTC [nodeCmd] serve -> INFO 10f Starting peer with ID=[name:"peer" ], network ID=[dev], address=[peer:7051]
2020-04-13 09:01:28.882 UTC [nodeCmd] serve -> INFO 110 Started peer with ID=[name:"peer" ], network ID=[dev], address=[peer:7051]
2020-04-13 09:01:32.819 UTC [msp] GetDefaultSigningIdentity -> DEBU 111 Obtaining default signing identity
2020-04-13 09:01:32.819 UTC [msp.identity] Sign -> DEBU 112 Sign: plaintext: 18012A86070A2D0A09706565723A3730...455254494649434154452D2D2D2D2D0A
2020-04-13 09:01:32.819 UTC [msp.identity] Sign -> DEBU 113 Sign: digest: E3138D4C867225B5BEF15EC07062AABC2AF920CCEF7ED0545D3BB223B79F06FF
2020-04-13 09:01:32.820 UTC [msp] GetDefaultSigningIdentity -> DEBU 114 Obtaining default signing identity
2020-04-13 09:01:32.821 UTC [msp.identity] Sign -> DEBU 115 Sign: plaintext: 0A09706565723A37303531
2020-04-13 09:01:32.821 UTC [msp.identity] Sign -> DEBU 116 Sign: digest: D18B553283AFC791A71A1AB3F379E85F4599DAAE3CE5B43F6A912E5BFD23E73D
2020-04-13 09:01:33.779 UTC [msp] GetDefaultSigningIdentity -> DEBU 117 Obtaining default signing identity
2020-04-13 09:01:33.779 UTC [msp.identity] Sign -> DEBU 118 Sign: plaintext: 18012A86070A2D0A09706565723A3730...455254494649434154452D2D2D2D2D0A
2020-04-13 09:01:33.780 UTC [msp.identity] Sign -> DEBU 119 Sign: digest: EA29BD51F7F58B547912B79712CC7AE73D9CBFA0FF80817409EA7BFB1F95BF5B
2020-04-13 09:01:33.780 UTC [msp] GetDefaultSigningIdentity -> DEBU 11a Obtaining default signing identity
2020-04-13 09:01:33.780 UTC [msp.identity] Sign -> DEBU 11b Sign: plaintext: 0A09706565723A37303531
2020-04-13 09:01:33.781 UTC [msp.identity] Sign -> DEBU 11c Sign: digest: D18B553283AFC791A71A1AB3F379E85F4599DAAE3CE5B43F6A912E5BFD23E73D
2020-04-13 09:01:33.782 UTC [gossip.discovery] periodicalSendAlive -> DEBU 11d Sleeping 5s
It's part of peer container's logs, it's still running and no error in it.
Is any one have any idea?
Thanks.

channel Got error &{FORBIDDEN} while joining new peer to a channel

I created my network with a script like:
docker-compose -f $COMPOSE_FILE up -d $CA
docker-compose -f $COMPOSE_FILE up -d $ORDERER1 $PEER0 $PEER1
docker-compose -f $COMPOSE_FILE up -d $CLI
docker exec cli peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f /etc/hyperledger/config/channel.tx
The channel is created and if I enter the cli, inside the working directory, I can find with ls the new generated file beerchannel.block. In this directory I also have crypto, which contains genesis block and other config files, and crypto-config that contains msp and certificates.
At this point containers logs seems good.
Now I want to join peer0 to the channel with:
docker exec -e $ENV_ADDRESSP0 $CLI peer channel join -b $CHANNEL_NAME.block
As soon as I do this command, I cannot join peer0 to the channel.
The strange thing is that running the script return this message:
2019-11-22 10:04:00.868 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2019-11-22 10:04:00.922 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
So, everything seems fine.
But when I enter the logs of orderer, I get this message repeated:
2019-11-22 09:59:07.429 UTC [fsblkstorage] newBlockfileMgr -> INFO 009 Getting block information from block storage
2019-11-22 09:59:07.438 UTC [orderer.commmon.multichannel] newChain -> INFO 00a Created and starting new chain beerchannel
2019-11-22 09:59:07.440 UTC [comm.grpc.server] 1 -> INFO 00b streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.29.0.6:41778 grpc.code=OK grpc.call_duration=25.385144ms
2019-11-22 10:04:06.923 UTC [common.deliver] deliverBlocks -> WARN 00c [channel: beerchannel] Client authorization revoked for deliver request from 172.29.0.4:48406: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
2019-11-22 10:04:06.923 UTC [comm.grpc.server] 1 -> INFO 00d streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.29.0.4:48406 grpc.code=OK grpc.call_duration=1.001442ms
2019-11-22 10:04:07.026 UTC [common.deliver] deliverBlocks -> WARN 00e [channel: beerchannel] Client authorization revoked for deliver request from 172.29.0.4:48408: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
2019-11-22 10:04:07.026 UTC [comm.grpc.server] 1 -> INFO 00f streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.29.0.4:48408 grpc.code=OK grpc.call_duration=582.912µs
Since the peer involved is peer0, I also entered in peer0 logs and found this errors:
2019-11-22 10:04:00.870 UTC [endorser] callChaincode -> INFO 029 [][ec4f5097] Entry chaincode: name:"cscc"
2019-11-22 10:04:00.870 UTC [ledgermgmt] CreateLedger -> INFO 02a Creating ledger [beerchannel] with genesis block
2019-11-22 10:04:00.874 UTC [fsblkstorage] newBlockfileMgr -> INFO 02b Getting block information from block storage
2019-11-22 10:04:00.896 UTC [kvledger] CommitWithPvtData -> INFO 02c [beerchannel] Committed block [0] with 1 transaction(s) in 16ms (state_validation=0ms block_and_pvtdata_commit=10ms state_commit=2ms) commitHash=[]
2019-11-22 10:04:00.899 UTC [ledgermgmt] CreateLedger -> INFO 02d Created ledger [beerchannel] with genesis block
2019-11-22 10:04:00.902 UTC [gossip.gossip] JoinChan -> INFO 02e Joining gossip network of channel beerchannel with 1 organizations
2019-11-22 10:04:00.902 UTC [gossip.gossip] learnAnchorPeers -> INFO 02f No configured anchor peers of Org1MSP for channel beerchannel to learn about
2019-11-22 10:04:00.917 UTC [gossip.state] NewGossipStateProvider -> INFO 030 Updating metadata information, current ledger sequence is at = 0, next expected block is = 1
2019-11-22 10:04:00.919 UTC [sccapi] deploySysCC -> INFO 031 system chaincode lscc/beerchannel(github.com/hyperledger/fabric/core/scc/lscc) deployed
2019-11-22 10:04:00.919 UTC [cscc] Init -> INFO 032 Init CSCC
2019-11-22 10:04:00.920 UTC [sccapi] deploySysCC -> INFO 033 system chaincode cscc/beerchannel(github.com/hyperledger/fabric/core/scc/cscc) deployed
2019-11-22 10:04:00.920 UTC [qscc] Init -> INFO 034 Init QSCC
2019-11-22 10:04:00.920 UTC [sccapi] deploySysCC -> INFO 035 system chaincode qscc/beerchannel(github.com/hyperledger/fabric/core/scc/qscc) deployed
2019-11-22 10:04:00.920 UTC [sccapi] deploySysCC -> INFO 036 system chaincode (+lifecycle,github.com/hyperledger/fabric/core/chaincode/lifecycle) disabled
2019-11-22 10:04:00.921 UTC [endorser] callChaincode -> INFO 037 [][ec4f5097] Exit chaincode: name:"cscc" (51ms)
2019-11-22 10:04:00.921 UTC [comm.grpc.server] 1 -> INFO 038 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.29.0.6:42736 grpc.code=OK grpc.call_duration=51.473337ms
2019-11-22 10:04:06.919 UTC [gossip.election] beLeader -> INFO 039 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 : Becoming a leader
2019-11-22 10:04:06.919 UTC [gossip.service] func1 -> INFO 03a Elected as a leader, starting delivery service for channel beerchannel
2019-11-22 10:04:06.923 UTC [blocksProvider] DeliverBlocks -> ERRO 03b [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:07.026 UTC [blocksProvider] DeliverBlocks -> ERRO 03c [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:07.239 UTC [blocksProvider] DeliverBlocks -> ERRO 03d [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:07.643 UTC [blocksProvider] DeliverBlocks -> ERRO 03e [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:08.445 UTC [blocksProvider] DeliverBlocks -> ERRO 03f [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:10.051 UTC [blocksProvider] DeliverBlocks -> ERRO 040 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:13.254 UTC [blocksProvider] DeliverBlocks -> ERRO 041 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:19.657 UTC [blocksProvider] DeliverBlocks -> ERRO 042 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:29.662 UTC [blocksProvider] DeliverBlocks -> ERRO 043 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:39.668 UTC [blocksProvider] DeliverBlocks -> ERRO 044 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:49.671 UTC [blocksProvider] DeliverBlocks -> ERRO 045 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:49.671 UTC [blocksProvider] DeliverBlocks -> ERRO 046 [beerchannel] Wrong statuses threshold passed, stopping block provider
2019-11-22 10:04:49.671 UTC [gossip.election] stopBeingLeader -> INFO 047 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 Stopped being a leader
2019-11-22 10:04:49.671 UTC [gossip.service] func1 -> INFO 048 Renounced leadership, stopping delivery service for channel beerchannel
2019-11-22 10:05:56.924 UTC [gossip.election] beLeader -> INFO 049 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 : Becoming a leader
2019-11-22 10:05:56.924 UTC [gossip.service] func1 -> INFO 04a Elected as a leader, starting delivery service for channel beerchannel
2019-11-22 10:05:56.929 UTC [blocksProvider] DeliverBlocks -> ERRO 04b [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:57.032 UTC [blocksProvider] DeliverBlocks -> ERRO 04c [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:57.235 UTC [blocksProvider] DeliverBlocks -> ERRO 04d [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:57.638 UTC [blocksProvider] DeliverBlocks -> ERRO 04e [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:58.441 UTC [blocksProvider] DeliverBlocks -> ERRO 04f [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:00.044 UTC [blocksProvider] DeliverBlocks -> ERRO 050 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:03.247 UTC [blocksProvider] DeliverBlocks -> ERRO 051 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:09.652 UTC [blocksProvider] DeliverBlocks -> ERRO 052 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:19.656 UTC [blocksProvider] DeliverBlocks -> ERRO 053 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:29.659 UTC [blocksProvider] DeliverBlocks -> ERRO 054 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:39.662 UTC [blocksProvider] DeliverBlocks -> ERRO 055 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:39.662 UTC [blocksProvider] DeliverBlocks -> ERRO 056 [beerchannel] Wrong statuses threshold passed, stopping block provider
2019-11-22 10:06:39.662 UTC [gossip.election] stopBeingLeader -> INFO 057 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 Stopped being a leader
2019-11-22 10:06:39.662 UTC [gossip.service] func1 -> INFO 058 Renounced leadership, stopping delivery service for channel beerchannel
It seems something related to permissions but I cannot understand what's wrong in here.
The cli contains the beerchannel.block file, successfully generated it and now I just want to add peer0 to the channel.
Adding configtx.yaml
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/c.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &s
Name: sMSP
ID: sMSP
MSPDir: crypto-config/peerOrganizations/s.c.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('sMSP.admin', 'sMSP.peer', 'sMSP.client')"
Writers:
Type: Signature
Rule: "OR('sMSP.admin', 'sMSP.client')"
Admins:
Type: Signature
Rule: "OR('sMSP.admin')"
AnchorPeers:
- Host: peer1.s.c.com
Port: 7051
- Host: peer2.s.c.com
Port: 8051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer1.c.com:7050
BatchTimeout: 500ms
BatchSize:
MaxMessageCount: 15
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 kb
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OneOrgOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *s
OneOrgChannel:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *s
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1.c.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer1.c.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer1.c.com/tls/server.crt
- Host: orderer2.c.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer2.c.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer2.c.com/tls/server.crt
- Host: orderer3.c.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer3.c.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer3.c.com/tls/server.crt
Addresses:
- orderer1.c.com:7050
- orderer2.c.com:7050
- orderer3.c.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *s
Check for the Reader policies that you have defined in your configtx.yaml this error is generated because of the policy mismatch. You have defined some specific user type(admin, peer, client) in your Reader policies but this specific user type is not passed into certificates that you have generated for your peer.
Edited:
If you want to make it generic and not specific to the identity type then you can edit the s org policies like this:
- &s
Name: sMSP
ID: sMSP
MSPDir: crypto-config/peerOrganizations/s.c.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('sMSP.member')"
Writers:
Type: Signature
Rule: "OR('sMSP.member')"
Admins:
Type: Signature
Rule: "OR('sMSP.admin')"
Check your crypto-config.yaml under peerOrgs section and add EnableNodeOUs property if missing then regenerate the crypto materials. Config example:
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true

Resources