Hyperledger Fabric: Registration of 'orderer1-ord' failed in affiliation validation: Failed getting affiliation 'ord.OU': : - hyperledger-fabric

we have customized the fabric-ca sample to remove below line in env.sh
export FABRIC_CA_CLIENT_ID_AFFILIATION=org1
and add --id.affiliation $ORG.OU in all calls to fabric-ca-client register or enroll. Example:
scripts/env.sh: fabric-ca-client enroll -d --enrollment.profile tls -u $ENROLLMENT_URL -M /tmp/tls --csr.hosts $HOST_NAME --csr.names O=$ORG --id.affiliation $ORG.OU
scripts/env.sh: fabric-ca-client enroll -d -u https://$ADMIN_NAME:$ADMIN_PASS#$CA_HOST:7054 --csr.names O=$ORG --id.affiliation $ORG.OU
scripts/env.sh: fabric-ca-client enroll -d -u https://$USER_NAME:$USER_PASS#$CA_HOST:7054 --csr.names O=$ORG --id.affiliation $ORG.OU
scripts/setup-fabric.sh: fabric-ca-client register -d --id.name $ORDERER_NAME --id.secret $ORDERER_PASS --id.type orderer --id.affiliation $ORG.OU
scripts/setup-fabric.sh: fabric-ca-client register -d --id.name $ADMIN_NAME --id.secret $ADMIN_PASS --id.attrs "admin=true:ecert" --id.affiliation $ORG.OU
scripts/setup-fabric.sh: fabric-ca-client register -d --id.name $PEER_NAME --id.secret $PEER_PASS --id.type peer --id.affiliation $ORG.OU
scripts/setup-fabric.sh: fabric-ca-client register -d --id.name $ADMIN_NAME --id.secret $ADMIN_PASS --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert" --id.affiliation $ORG.OU
scripts/setup-fabric.sh: fabric-ca-client register -d --id.name $USER_NAME --id.secret $USER_PASS --id.affiliation $ORG.OU
scripts/setup-fabric.sh: fabric-ca-client getcacert -d -u https://$CA_HOST:7054 -M $ORG_MSP_DIR --id.affiliation $ORG.OU
scripts/start-orderer.sh:fabric-ca-client enroll -d --enrollment.profile tls -u $ENROLLMENT_URL -M /tmp/tls --csr.hosts $ORDERER_HOST --csr.names O=$ORG --id.affiliation $ORG.OU
scripts/start-orderer.sh:fabric-ca-client enroll -d -u $ENROLLMENT_URL -M $ORDERER_GENERAL_LOCALMSPDIR --csr.names O=$ORG --id.affiliation $ORG.OU
scripts/start-peer.sh:fabric-ca-client enroll -d --enrollment.profile tls -u $ENROLLMENT_URL -M /tmp/tls --csr.hosts $PEER_HOST --csr.names O=$ORG --id.affiliation $ORG.OU
scripts/start-peer.sh:fabric-ca-client enroll -d -u $ENROLLMENT_URL -M $CORE_PEER_MSPCONFIGPATH --csr.names O=$ORG --id.affiliation $ORG.OU
when we do this we see this error in setup.log:
Error: Response from server: Error Code: 0 - Registration of 'orderer1-ord' failed in affiliation validation: Failed getting affiliation 'ord.OU': : scode: 404, code: 63, msg: Failed to get Affiliation: sql: no rows in result set
If we modify enrollCAADmin to add:
# https://stackoverflow.com/a/48840929/147530
fabric-ca-client affiliation add $1
we now see this error:
Error: Response from server: Error Code: 60 - Affiliation already exists
How can we fix this?


Adding affiliation of $ORG.OU fails but adding affiliation of $ORG works. In setup-fabric.sh, function registerPeerIdentities
fabric-ca-client register -d --id.name $ADMIN_NAME --id.secret $ADMIN_PASS --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" --id.affiliation=$ORG
log "Registering user identity with $CA_NAME"
fabric-ca-client register -d --id.name $USER_NAME --id.secret $USER_PASS --id.affiliation=$ORG
note following section in $FABRIC_CA_SERVER_HOME/fabric-ca-server-config.yaml of rca-myorg1
root#cad23a1fb013:/etc/hyperledger/fabric-ca# cat fabric-ca-server-config.yaml
affiliations:
ord: []
myorg1: []
myorg2: []
myorg3: []
org1:
- department1
- department2
org2:
- department1
from https://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.html#registering-a-new-identity
The affiliation of the registrar must be equal to or a prefix of the
affiliation of the identity being registered. For example, an
registrar with an affiliation of “a.b” may register an identity with
an affiliation of “a.b.c” but may not register an identity with an
affiliation of “a.c”. If root affiliation is required for an identity,
then the affiliation request should be a dot (”.”) and the registrar
must also have root affiliation. If no affiliation is specified in the
registration request, the identity being registered will be given the
affiliation of the registrar.
so not sure why setting affiliation to $ORG works but $ORG.OU does not

Related

Hyperlegder fabric invoke command (error)

while running the following invoke command, I have seen error
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem" -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" --peerAddresses localhost:9051 --tlsRootCertFiles "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt" -c '{"function":"InitLedger","Args":[]}'
ERRO [main] InitCmd -> Cannot run peer because cannot init crypto, specified path "/Users/fabric-samples/config/msp" does not exist or cannot be accessed: stat /Users/fabric-samples/config/msp: no such file or directory
I have tried many alternatives but could not resolve.

Error when revoking a user: "Caller does not have authority to revoke"

I'm trying to setup a user to be able to register and revoke other users. I use the fabric-ca-client command to register a user and enroll like so:
fabric-ca-client register \
--id.name user8 \
--id.affiliation org1 \
--id.type user \
--id.attrs 'hf.Registrar.Roles=user,hf.GenCRL=true, admin=true:ecert, hf.Revoker=true' \
--id.secret user2pw \
-u http://localhost:7054
fabric-ca-client enroll -u http://user8:user2pw#localhost:7054
Then I use it to register another user:
fabric-ca-client register \
--id.name user2b \
--id.affiliation org1 \
--id.type user \
--id.secret user3pw \
-u http://localhost:7054
So far, so good. But if try to revoke the newly created user, i get:
fabric-ca-client revoke -e user2b -r 'keycompromise' -u http://localhost:7054
2022/11/04 11:57:03 [INFO] Configuration file location: /Users/salimbene/.fabric-ca-client/fabric-ca-client-config.yaml
Error: Response from server: Error Code: 71 - Authorization failure
And in the fabric CA server I see:
2022/11/04 11:57:03 [INFO] [::1]:57012 POST /revoke 403 7 "Caller does not have authority to revoke"
I cannot figure out why I cannot revoke with my registrar user when its clearly stated in the attr property that hf.Revoker=true.
Any tips?

The problem was the spaces in this line:
--id.attrs 'hf.Registrar.Roles=user,hf.GenCRL=true, admin=true:ecert, hf.Revoker=true' \
There should be NO spaces in the string provided to --id.attrs:
--id.attrs 'hf.Registrar.Roles=user,hf.GenCRL=true,admin=true:ecert,hf.Revoker=true' \

Permission problem of adding orderer node to channel

I want to add a raft node, because this node belongs to a different organization and needs to submit channel updates to the channel.
export FABRIC_CFG_PATH=${PWD}/config
configtxgen -printOrg Orderer2Org > ./organizations/ordererOrganizations/orderer2.xiaoyin.com/orderer2.json
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config >"config.json"
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"Orderer2Org":.[1]}}}}}' config.json ./organizations/ordererOrganizations/orderer2.xiaoyin.com/orderer2.json > modified_config.json
configtxlator proto_encode --input "config.json" --type common.Config >original_config.pb
configtxlator proto_encode --input "modified_config.json" --type common.Config >modified_config.pb
configtxlator compute_update --channel_id "xiaochannel" --original original_config.pb --updated modified_config.pb >config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'xiaochannel'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"orderer2_update_in_envelope.pb"
When I use the command "peer channel signconfigtx -f "orderer2_update_in_envelope.pb" at Orderer1 node,an error occurs .
2021-04-25 15:33:15.408 UTC [comm.grpc.server] 1 -> INFO 120 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=192.168.56.3:48256 grpc.code=OK grpc.call_duration=3.814211ms
2021-04-25 15:40:53.375 UTC [orderer.common.broadcast] ProcessMessage -> WARN 121 [channel: xiaochannel] Rejecting broadcast of config message from 192.168.56.3:48258 because of error: error applying config update to existing channel 'xiaochannel': error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Orderer not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
How to configure this command?

I got it.
export CORE_PEER_LOCALMSPID="Orderer1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE="/home/network/organizations/ordererOrganizations/orderer1.xiaoyin.com/orderers/osn1.orderer1.xiaoyin.com/tls/ca.crt"
export CORE_PEER_MSPCONFIGPATH=/home/network/organizations/ordererOrganizations/orderer1.xiaoyin.com/users/Admin#xiaoyin.com/
export CORE_PEER_ADDRESS=localhost:7050
peer channel signconfigtx -f "orderer2_update_in_envelope.pb"
peer channel update -o osn1.orderer1.xiaoyin.com:7050 --ordererTLSHostnameOverride osn1.orderer1.xiaoyin.com -c xiaochannel -f orderer2_update_in_envelope.pb --tls --cafile "$ORDERER_CA"
This solves the problem of permissions.

Hyperledger fabric: unable to Invoke chaincode in the chainecode_example02 for?

I have my own network on and try to use the chaincode_example02 chaincode to test it out, following the first-network example. When it comes to chaincodeInvoke in my shellscipt, the console shows
Sending invoke transaction on peer0.bank peer0.caseManager...
--tlsRootCertFiles
--peerAddresses peer0.bank.snts.com:7051 --tlsRootCertFiles
--tlsRootCertFiles
--peerAddresses peer0.bank.snts.com:7051 --tlsRootCertFiles --peerAddresses peer0.caseManager.snts.com:7051 --tlsRootCertFiles
+ peer chaincode invoke -o orderer.snts.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/snts.com/orderers/orderer.snts.com/msp/tlscacerts/tlsca.snts.com-cert.pem -C sntschannel -n mycc --peerAddresses peer0.bank.snts.com:7051 --tlsRootCertFiles --peerAddresses peer0.caseManager.snts.com:7051 --tlsRootCertFiles -c '{"Args":["invoke","a","b","10"]}'
+ res=1
+ set +x
2019-01-01 16:38:40.670 UTC [chaincodeCmd] validatePeerConnectionParameters -> WARN 001 received more TLS root cert files (2) than peer addresses (1)
Error: error validating peer connection parameters: number of peer addresses (1) does not match the number of TLS root cert files (2)
!!!!!!!!!!!!!!! Invoke execution on peer0.bank peer0.caseManager failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
bank has 2 peers and caseManager has 3. What can lead to this problem? In first-network example, both orgs has 2 peers, and it works perfectly. Can someone help? Thank you.

In your request, you have used --tlsRootCertFiles flag but did not specify any path for it? are you setting this externally? if not try specifying it like
--tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt

The problem is with the way TLSINFO is fetched.
Below command is used in utils.sh file where we are mentioning the TLSCert file. You need to modify it according to your requirement.
TLSINFO=$(eval echo "--tlsRootCertFiles \$PEER$1_Org$2_CA")

You need to modify the global variables so that they are generic.
It is necessary to change, in the setOrderererGlobals() method of the file utils.sh :
setGlobals() {
PEER=$1
ORG=$2
### ADD THESES LINES !!! ###
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org$ORG.supplychainnet.ch/peers/peer$PEER.org$ORG.supplychainnet.ch/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org$ORG.supplychainnet.ch/users/Admin\#org$ORG.supplychainnet.ch/msp
### ADD THESES LINES !!! ###
if [ $ORG -eq 1 ]; then
CORE_PEER_LOCALMSPID="Org1MSP"
### COMMENT THESES LINES !!! ###
#CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
#CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.supplychainnet.ch/users/Admin\#org1.supplychainnet.ch/msp
### COMMENT THESES LINES !!! ###
if [ $PEER -eq 0 ]; then
CORE_PEER_ADDRESS=peer0.org1.supplychainnet.ch:7051
else
CORE_PEER_ADDRESS=peer1.org1.supplychainnet.ch:8051
fi
else
echo "================== ERROR !!! ORG Unknown =================="
fi
As a result, the environment paths for each peer will automatically be updated with the numbers $PEER and $ORG instead of retrieving the global PEERx_ORGy_CA paths defined at the top of the file.

pass ca.crt file path for respective peer in --tlsRootCertFiles
Try This and it works
docker exec -it cli bash
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C testchannel -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","20"]}'

How to restart fabric containers (x86_64-1.1.0-preview) with data persistence to perform chaincode invoke functions normally?

I have set up data persistence in the peer and the couchdb containers and have run through the commands with the chaincode_example02 chaincode manually on both peers in the cli container (with the command line commented in docker-compose-cli.yaml). The last things I did is to shutdown the containers and then restart them. After the restart, I can query the "query" function of the chaincode without any problem and all the data are still there (balances of a and b) and the same as before I perform the shutdown. However, I get the following error when I invoke the "invoke" function on both peer containers.
Error: Error sending transaction invoke: got unexpected status: NOT_FOUND -- channel does not exist
How to restart the fabric containers (x86_64-1.1.0-preview) with data persistence so that I can perform chaincode invoke functions normally after the restart?
Ubuntu version:
Distributor ID: Ubuntu
Description: Ubuntu 17.10
Release: 17.10
Codename: artful
Hyperledger Fabric version:
x86_64-1.1.0-preview
All actions below are done with the "first-network" (byfn.sh) example:
Configuration Changes:
added the following lines in the volumes sections in docker-compose-base.yaml for peer container data persistence
for peer0.org1.example.com:
- ../persist-data/peer0org1:/var/hyperledger/production
for peer1.org1.example.com:
- ../persist-data/peer1org1:/var/hyperledger/production
for peer0.org2.example.com:
- ../persist-data/peer0org2:/var/hyperledger/production
for peer1.org2.example.com:
- ../persist-data/peer1org2:/var/hyperledger/production
added the following lines in the volumes sections in docker-compose-couch.yaml for couchdb container data persistence
for couchdb0:
- ./persist-data/couchdb0:/opt/couchdb/data
for couchdb1:
- ./persist-data/couchdb1:/opt/couchdb/data
for couchdb2:
- ./persist-data/couchdb2:/opt/couchdb/data
for couchdb3:
- ./persist-data/couchdb3:/opt/couchdb/data
I have also changed to couchdb port numbers as follow to avoid conflicts with the couchdb installed on my computer:
for couchdb0:
- "6984:5984"
for couchdb1:
- "7984:5984"
for couchdb2:
- "8984:5984"
for couchdb3:
- "9984:5984"
Actions and commands:
cd to the first-network directory
../../bin/cryptogen generate --config=./crypto-config.yaml
export FABRIC_CFG_PATH=$PWD
../../bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
export CHANNEL_NAME=mychannel && ../../bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
../../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
../../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org2MSP
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml up -d
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# enter the cli container and execute the commands in the cli container manually
docker exec -it cli bash
export CHANNEL_NAME=mychannel
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel join -b mychannel.block
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer channel join -b mychannel.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('Org1MSP.member','Org2MSP.member')"
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","5"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
exit
#get out of the cli container
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml down
docker container ls
docker network ls
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml up -d
docker container ls
docker network ls
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# enter the cli container and execute the commands in the cli container manually
docker exec -it cli bash
export CHANNEL_NAME=mychannel
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
# get error in the next two commands invoking the "invoke" function in the chaincode. The full error text is at the bottom.
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","b","a","10"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","b","a","5"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","b"]}'
This is the full error text from peer0 org1:
2018-01-26 17:04:00.046 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-01-26 17:04:00.046 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-01-26 17:04:00.052 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 003 Using default escc
2018-01-26 17:04:00.052 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 004 Using default vscc
2018-01-26 17:04:00.052 UTC [chaincodeCmd] getChaincodeSpec -> DEBU 005 java chaincode disabled
2018-01-26 17:04:00.052 UTC [msp/identity] Sign -> DEBU 006 Sign: plaintext: 0AAA070A6608031A0B0880BFADD30510...696E766F6B650A01620A01610A023130
2018-01-26 17:04:00.052 UTC [msp/identity] Sign -> DEBU 007 Sign: digest: 20D7EB048A7E3F59A74A3F7C1757E7CCCFFBFD2F5D5FC8A4BFF949051F22F99E
2018-01-26 17:04:00.094 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AAA070A6608031A0B0880BFADD30510...21ED65F3952B1FE09A8E14D906B69E7C
2018-01-26 17:04:00.094 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: 285F91523D88D5D88CFCF7CDA89E6C81025D58116F2F33C1BE59DAEB9AA304D6
Error: Error sending transaction invoke: got unexpected status: NOT_FOUND -- channel does not exist - version:1 response:<status:200 message:"OK" > payload:"\n &\2175\217\025\227\216Q\373a\020G\010\022{\3179\352\243\352\006\\\254\265\013\336\3070\002\237\353\315\022Y\nE\022\024\n\004lscc\022\014\n\n\n\004mycc\022\002\010\003\022-\n\004mycc\022%\n\007\n\001a\022\002\010\005\n\007\n\001b\022\002\010\005\032\007\n\001a\032\00295\032\010\n\001b\032\003205\032\003\010\310\001\"\013\022\004mycc\032\0031.0" endorsement:<endorser:"\n\007Org1MSP\022\226\006-----BEGIN CERTIFICATE-----\nMIICGjCCAcCgAwIBAgIRAIgZ0tCVwxfC3MNajGO3DKgwCgYIKoZIzj0EAwIwczEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh\nLm9yZzEuZXhhbXBsZS5jb20wHhcNMTgwMTI2MTY0NTE0WhcNMjgwMTI0MTY0NTE0\nWjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN\nU2FuIEZyYW5jaXNjbzEfMB0GA1UEAxMWcGVlcjAub3JnMS5leGFtcGxlLmNvbTBZ\nMBMGByqGSM49AgEGCCqGSM49AwEHA0IABK3PyoXXOwdkwGL5hkXpxNUxF0f5+2p8\nE2jMD6xCascnLlbDs4dqcsdU5pGs/xJKJukEv+YYZabhQMOZN0ZqR+yjTTBLMA4G\nA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAILgbSt2V1f0R\nGHsGkSuIPvwktllKaUBtWskwCwjGFc+BMAoGCCqGSM49BAMCA0gAMEUCIQCZoO0k\nIoaDOdyJc5B9L4uTE8lHYMLpHZyJ0TLg5ipK/wIgPrW0LZvkrQik8/38UpfOfF/F\ndGQS8yRG2kpOv1HKH0k=\n-----END CERTIFICATE-----\n" signature:"0E\002!\000\340\347\345\036\356\020\352\216\200\037\220$rk\320\243\025\006p\315\376\340C\\YG\030P\341\022i\262\002 \031\357M\2274\t\263\263\313\002=\206\224\321\255\r!\355e\363\225+\037\340\232\216\024\331\006\266\236|" >
Usage:
peer chaincode invoke [flags]
Flags:
-C, --channelID string The channel on which this command should be executed (default "testchainid")
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-n, --name string Name of the chaincode
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--test.coverprofile string Done (default "coverage.cov")
--tls Use TLS when communicating with the orderer endpoint
--transient string Transient map of arguments in JSON encoding
-v, --version Display current version of fabric peer server
This is the full error text from peer0 org2:
2018-01-26 17:05:22.201 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-01-26 17:05:22.201 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-01-26 17:05:22.205 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 003 Using default escc
2018-01-26 17:05:22.206 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 004 Using default vscc
2018-01-26 17:05:22.206 UTC [chaincodeCmd] getChaincodeSpec -> DEBU 005 java chaincode disabled
2018-01-26 17:05:22.206 UTC [msp/identity] Sign -> DEBU 006 Sign: plaintext: 0AA6070A6608031A0B08D2BFADD30510...06696E766F6B650A01620A01610A0135
2018-01-26 17:05:22.206 UTC [msp/identity] Sign -> DEBU 007 Sign: digest: 26976CF7AC5443DB2390C53818E2C4B64A7278DBB874101FD4B335189333294A
2018-01-26 17:05:22.267 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AA6070A6608031A0B08D2BFADD30510...CC920EBFDA7DA672DC8EA94465B459B2
2018-01-26 17:05:22.267 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: B6965F71B9DBCC7CB4788BF260A477275C4FFB9393D8176FCBAD75333F566055
Error: Error sending transaction invoke: got unexpected status: NOT_FOUND -- channel does not exist - version:1 response:<status:200 message:"OK" > payload:"\n \271\353p\303\250\000m\366dy\021(!\2043\002\305>]&u_\364o\250\335\305\026\3310\354T\022Y\nE\022\024\n\004lscc\022\014\n\n\n\004mycc\022\002\010\003\022-\n\004mycc\022%\n\007\n\001a\022\002\010\005\n\007\n\001b\022\002\010\005\032\007\n\001a\032\00290\032\010\n\001b\032\003210\032\003\010\310\001\"\013\022\004mycc\032\0031.0" endorsement:<endorser:"\n\007Org2MSP\022\226\006-----BEGIN CERTIFICATE-----\nMIICGTCCAb+gAwIBAgIQJj1f7E3ibi/1ttw70Rh8sTAKBggqhkjOPQQDAjBzMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu\nb3JnMi5leGFtcGxlLmNvbTAeFw0xODAxMjYxNjQ1MTRaFw0yODAxMjQxNjQ1MTRa\nMFsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMR8wHQYDVQQDExZwZWVyMC5vcmcyLmV4YW1wbGUuY29tMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHZ/3QCOmqgh/z3tnhepv4YSlvF3m8jXG\n4xDAs1xycyBiecGRbnWX93vdqDbKJvF/f3/JsBPoHPl663tJcrqQ96NNMEswDgYD\nVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgwrQVLq1wpKed\nwmIVDWSrClqEts8LWOTDlO7ncgx3a5wwCgYIKoZIzj0EAwIDSAAwRQIhALOzxd2C\nMAYj+EBYCnwbkxixSNlZI3YxA5tBnshN4oS0AiBeHWebdXsg7lMzaJtwa+r9JcRt\nUVAM4j/ydnSQsfyfRA==\n-----END CERTIFICATE-----\n" signature:"0E\002!\000\240q\3370\307Iwi\036\022\305\035}!E\234\220\213\336`o\323\344\375\311\211j\361\t\343p\023\002 \177\026\351\234s\216\276=\207(\325\223i\264\303)\314\222\016\277\332}\246r\334\216\251De\264Y\262" >
Usage:
peer chaincode invoke [flags]
Flags:
-C, --channelID string The channel on which this command should be executed (default "testchainid")
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-n, --name string Name of the chaincode
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--test.coverprofile string Done (default "coverage.cov")
--tls Use TLS when communicating with the orderer endpoint
--transient string Transient map of arguments in JSON encoding
-v, --version Display current version of fabric peer server

By following Gari Singh's help, I have added the following line in the volumes sections in docker-compose-base.yaml for orderer container data persistence and the problem is solved.
for orderer:
- ../persist-data/orderer:/var/hyperledger/production

Resources