Hyperledger Fabric - Lost my network card, how to export it again? - hyperledger-fabric

I have set up a dev Hyperledger Fabric blockchain successfully and added a user/participant to the network. Executed the operations again and the blockchain all worked fine using the card that was generated initially. But now I have lost this card. Can I export/download it again? I tried using the identity "revoke" API, but it is failing with this error:
Error: Error trying invoke business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: 2 UNKNOWN: error executing chaincode: transaction returned with failure: Error: attempt to get property state on an InvalidRelationship is not allowed. InvalidRelationship created due to Object with ID 'partcipant_1' in collection with ID 'Asset:org.hyperledger.composer.system.Identity' does not exist

I am not exactly sure what you mean when you say you "lost" the card.
The process goes like this:
You have an admin user with full rights to the network and an admin card to connect with.
Using this admin, you request a new identity. This gives you the required certificates, both public and private.
You create a network card for this new identity using the certificates. This results in a physical .card file on disk.
You import the physical file, and you have a properly registered card and can now interact with the ledger using this new identity.
If anything happens to the card itself, i.e. you deleted the registered card and got rid of the file as well, then you need to go through the process and recreate the card from scratch.
Your commands could look like this:
composer identity request -c PeerAdmin@hlfv1 -u admin -s adminpw -d alice
This requests everything for a new user called alice, using the peer admin card which is created against the original network admin.
composer card create -p your_connection.json -u alice -n your-network -c alice/admin-pub.pem -k alice/admin-priv.pem
This creates the card file.
composer card import -f alice@your-network.card
This imports the card.
composer network ping -c alice@your-network
Check everything works.
So, if you no longer have a registered card, you should still have the .card file, and if you have that you can simply import it again.
If you don't have the .card file either, you should still have the certificates for "alice" and should be able to create the .card file.
If you don't have the certs either, then request them again (I've never tried this particular scenario, so we need to see what happens in that case).

Related

Hyperledger fabric join-channel: Error: 2 UNKNOWN: access denied: channel [] creator org [Org1MSP]

New Peer is unable to join the channel.
I have created a new peer in an existing organization and when I am running
docker network inspect bridge I can see that new peer is part of the organization.
When I try to join this peer to the channel (mychannel), it throws the error below.
Error: 2 UNKNOWN: access denied: channel [] creator org [Org1MSP]
In the above error, the channel is an empty string, while I am sending mychannel as an argument.
I am using the join-channel script of balance transfer. It works perfectly fine for the peers which were created during the network creation.
Any idea why it is taking an empty string?
Thanks
I figured out the reason.
Actually, the new peer was generated using a different CA.
Previously I moved my organization's crypto-config directory to a different folder, and then when I created the new peer it created new certificates for the complete organization.
But I don't know the significance of the error, as it must be different in this scenario.

Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org

Trying to add a new organisation from a separate host. (Modifying steps from ./eyfn.sh when necessary.)
Managed to create and import a network admin card using Hyperledger Composer. (https://medium.com/@mahoney_33893/hyperledger-composer-adding-another-organization-to-an-existing-running-multi-organization-fff5c8104a82).
However when pinging the network I got:
Error: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org [Org3MSP]
Upon getting the logs from peer I got
-Principal deserialization failure (MSP Org3MSP is unknown) for identity
-[channel: composerchannel] Client authorization revoked for deliver request from 10.0.1.6:48262: Failed evaluating policy on signed data during check policy on channel [composerchannel] with policy [/Channel/Application/Readers]: [Failed to reach implicit threshold of 1 sub-policies, required 1 remaining]
My problem is actually similar to that of Hyperledger-Composer: Getting "access denied" when pinging network admin card.
The solution did mention to include msp files of my new org into volumes of the orderer which I did as
docker cp msp <containername>:/etc/hyperledger/msp/peerOrganizations/org3.example.com
My first organisation was set up using the default ./startFabric.sh
Take note that I'm not using TLS for the time being.
The error still persists, though, and I'm wondering why. I do, however, suspect that the way I'm giving the msp to the orderer is somehow wrong, or I'm putting it in the wrong file.
Maybe you will need to migrate from Composer to another framework.
Hundreds of devs are using Convector. Convector is a Hyperledger Labs project that was created before Hyperledger Composer was deprecated but that looks similar to developers. It follows a model-controller pattern (similar to Composer assets and transactions); however, it compiles natively to Fabric code and does not create a runtime.

Failed Error: Private key missing from key store. Can not establish the signing identity for user admin

Generating the public key but not able to generate the private key of admin user while registering a new user through REST services in blockchain network and also getting below mentioned error.
Error:Failed Error: Private key missing from key store. Can not establish the signing identity for user admin.
Followed the below steps:
Created a network in Hyperledger Fabric.
Created a new Node application to publish the REST services by referring to the existing "balance-transfer" application.
Then started the Node application.
Testing the REST services URL in the Postman tool.
Getting the above-mentioned error while testing the URL http://localhost:4000/users in the Postman tool.
Error at code level:
app.js--->helper.js
let adminUserObj = await client.setUserContext({username: admins[0].username, password: admins[0].secret});
Please suggest.
Remove the folders holding key-value store for organizations -> fabric-client-kv-* from the balance-transfer fabric sample.
rm -rf fabric-client-kv-*
Then create the network again. This resolved the issue for me.
Have you tried to restart the network completely (by using the "runApp.sh" script for that)? Take a look inside this script at the restartNetwork() function, where the "fabric-client-kv-org" folders in your balance-transfer folder are removed.
Does it work?

Hyperledger Composer Error Identity has not been registered once issued

I have been following this Tutorial and I am able to complete it. I issue a new identity, to an existing participant and I create a business card for this identity with the following command:
composer identity issue --card admin@tutorial-network -f usr001@tutorial-network.card -u usr001 -a "resource:org.acme.biznet.Trader#usr001" -x true
Then, I import that business card via POST /wallet/import and I am able to call different REST API operations. After that, I stop the composer-rest-server and after a few minutes I start the composer-rest-server again with the command composer-rest-server -c admin@tutorial-network -m true -a true
Then, I authenticate to the REST API using the configured authentication mechanism (in this case the passport-github strategy), and if I try to call one operation from the REST API it throws an "A business network card has not been specified" error message. Then I import the previous business card via POST /wallet/import, getting a "no content" response, which is supposed to be correct.
Finally, when I try to call another REST API operation I get the following error:
{
  "error": {
    "statusCode": 500,
    "name": "Error",
    "message": "Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity has not been registered: usr001)",
    "stack": "Error: Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity has not been registered: usr001)\n at _checkRuntimeVersions.then.catch (/home/username/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:679:34)\n at <anonymous>"
  }
}
This is the main issue: I don't know why my identity is not being recognized by the REST API if I used it previously to call some operations.
The problem is one of persistence, as captured here -> https://hyperledger.github.io/composer/v0.16/integrating/enabling-multiuser.html and the link for persisting identities (i.e. instructions) is captured here -> https://hyperledger.github.io/composer/v0.16/integrating/deploying-the-rest-server.html
All user information is persisted in a LoopBack data source by using a LoopBack connector. By default, the REST server uses the LoopBack "memory" connector to persist user information, which is lost when the REST server is terminated. The REST server should be configured with a LoopBack connector that stores data in a highly available data source, for example a database.

How create a profile connection for hyperledger composer manually

I’m trying to deploy a developed network with the composer on first network sample. I have set the connection profile but it’s not enough because I have to set composer-credentials. I have tried to use the credential of developing environment (I have added the role of channel admin and peerAdmin) but it is firing the following error when I try to deploy the network:
Error: Error trying login and get user Context. Error: Private key missing from the key store. Can not establish the signing identity for user PeerAdmin
I have searched for information, and there are two users on the peer nodes, Admin@org1.example.com and User1@org1.example.com, where there are 3 files: ca.crt, server.crt and server.key.
I have read the steps for creating a new ID card, but they use the playground environment with the website, and I need to do it manually for Composer. So, what steps should I follow to create/update a connection profile for the first network sample?
Thank you
My file
{
"name":"PeerAdmin",
"mspid":"Org1MSP",
"roles":["PeerAdmin", "ChannelAdmin"],
"affiliation":"",
"enrollmentSecret":"",
"enrollment":{
"signingIdentity":"114aab0e76bf0c78308f89efc4b8c9423e31568da0c340ca187a9b17aa9a4457",
"identity":{
"certificate":"-----BEGIN CERTIFICATE-----\n
MIICGjCCAcCgAwIBAgIRANuOnVN+yd/BGyoX7ioEklQwCgYIKoZIzj0EAwIwczEL\n
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\n
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh\n
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNjI2MTI0OTI2WhcNMjcwNjI0MTI0OTI2\n
WjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN\n
U2FuIEZyYW5jaXNjbzEfMB0GA1UEAwwWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTBZ\n
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGu8KxBQ1GkxSTMVoLv7NXiYKWj5t6Dh\n
WRTJBHnLkWV7lRUfYaKAKFadSii5M7Z7ZpwD8NS7IsMdPR6Z4EyGgwKjTTBLMA4G\n
A1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAIBmrZau7BIB9\n
rRLkwKmqpmSecIaOOr0CF6Mi2J5H4aauMAoGCCqGSM49BAMCA0gAMEUCIQC4sKQ6\n
CEgqbTYe48az95W9/hnZ+7DI5eSnWUwV9vCd/gIgS5K6omNJydoFoEpaEIwM97uS\n
XVMHPa0iyC497vdNURA=\n
-----END CERTIFICATE-----\n"
}
}
}
To create a profile, it is done with composer cli tool. You have to execute the following command:
composer identity import -p hlfv1 -u Admin -c ../Downloads/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem -k ../Downloads/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/072d0b5a2dfc61beb8120736a9aa836f5046148dcba178ba52d57a4e26def8b6_sk
I see you're using the sample Developer environment. Why not just go into the fabric-tools directory (you downloaded) and run ./createComposerProfile.sh . It will import the required crypto material into the composer credentials directory for the dev setup, and that represents a channel admin and admin for the peer of the development fabric server.
Here's a workaround:
create a BlockChain Starter Plan from IBM Cloud
define the peers & channels as you wish from the UI
click download the connection profile
the file downloaded contains all the information about the Fabric, including the public/private keys and enrollmentSecret.
