I'm new to Hyperledger Fabric.
Can any one tell me where the endorsing policy is stored in Hyperledger Fabric?
Thanks in advance
When you specify (or modify) an endorsement policy for a chaincode within the context of a channel, it is stored in the configuration block for that channel by the orderer.
From the Hyperledger Fabric 1.1 documentation:
When the CONFIG_UPDATE is received, the orderer computes the resulting
CONFIG by doing the following:
Verifies the channel_id and read_set. All elements in the read_set must exist at the given versions.
Computes the update set by collecting all elements in the write_set which do not appear at the same version in the read_set.
Verifies that each element in the update set increments the version number of the element update by exactly 1.
Verifies that the signature set attached to the ConfigUpdateEnvelope satisfies the mod_policy for each element in the
update set.
Computes a new complete version of the config by applying the update set to the current config.
Writes the new config into a ConfigEnvelope which includes the CONFIG_UPDATE as the last_update field and the new config encoded in
the config field, along with the incremented sequence value.
Writes the new ConfigEnvelope into a Envelope of type CONFIG, and ultimately writes this as the sole transaction in a new configuration
block.
When the peer (or any other receiver for Deliver) receives this
configuration block, it should verify that the config was
appropriately validated by applying the last_update message to the
current config and verifying that the orderer-computed config field
contains the correct new configuration.
Related
My orderers admin and TLS certs expired so i tried generating new certs . created a new config.pb file by adding Base64 of certs in the config.json file and after that created new config.pb and was able to successfully sign the config by reversing the time of my peer cli machine but after getting signature from all the Organization MSP's . when i try to update my new config to the channel. I'm getting this error.
Error: got unexpected status: SERVICE_UNAVAILABLE -- update of more than one consenter at a time is not supported, requested changes: add 6 node(s), remove 6 node(s)
I have added newly generated certs for all the orderers at once by simply adding them all to the config.pb . what i understand from the above message is that i need to add the newly generated certs for every orderer one by one , Am i thinking correct ?
You can only update one consenter at a time and you'll do to do this for each channel as well.
I have assets whose state get updated and I want get history of that asset with previous_hash and current Block_hash. I am using CouchDB as State DB of Hyperledger Fabric.
I tried fabcar example function 'getHistoryForAsset' but it can give me only TxID but I need Block hash with this.
Can anybody help me how can we do it.
Thanks
Using the transaction ID you can call (evaluate) the GetBlockByTxID transaction function on the system qscc chaincode to get the block that contained that transaction. It expects a transaction ID as an argument and returns a common.Block protobuf response payload.
https://github.com/hyperledger/fabric-protos/blob/f44816d6f621f1f7615cb4fc65643791eb6d8ce6/common/common.proto#L142
Note that a block only contains the hash of the previous block, not the hash of itself.
Migration of Ordering service from Kafka to Raft.
As we understand the Ordering service never signs the transaction in Fabric. Dose this migration will effect anything on old transaction ordered by old ordere?
Also when we query transaction(local peer query), why do we set the orderer flag?
As long as you have successfully migrated consensus type from kafka >> raft
You are allowed to proceed with transactions.
Question1: Ordering service never signs the transaction in Fabric
Endorsing peers alone will sign transactions & orderer signs the blocks
Question2: Dose this migration will effect anything on old transaction ordered by old ordere?
No, If migration is successful then you are OK to proceed
If you would have followed this link and complete without errors https://hyperledger-fabric.readthedocs.io/en/release-1.4/kafka_raft_migration.html
THEN OK, dont worry about previous data, All SAFE.
However, let me know if you need any assistance in migration. Feel free to create another question reg: migration.
If you want to see old blocks after migration
check this snippet
// keep the block_reg to unregister with later if needed
block_reg = channel_event_hub.registerBlockEvent((block) => {
console.log('Successfully received the block event');
<do something with the block>
}, (error)=> {
console.log('Failed to receive the block event ::'+error);
<do something with the error>
},
{startBlock:23}
);
startBlock:{can be any Block No}
check > https://fabric-sdk-node.github.io/tutorial-channel-events.html
you will get complete block as json format, you will have orderer signature so that you can check which orderer has sealed this block.
I am facing a performance issue while using Hyperledger fabric node.js sdk.
When I issue the invocation request to sdk and consume the response given by the chaincode by using the following code
var proposalResponse = results[0];
var proposal = results[1];
let isProposalGood = false;
if(proposalResponse
&& proposalResponse[0].response
&& proposalResponse[0].response.status === 200){
isProposalGood = true;
var res = JSON.parse(proposalResponse[0].response.payload.toString());
res.event_status = 'VALID'
resolve(res);
}else{
reject(createErrorResponse(proposalResponse[0].message,500))
return
}
The api responds within 50ms as you can see the screenshot below:
But, when I wait for orderer to confirm the transaction by using the following code:
if (code === 'VALID'){
//get payload from proposal response
var res = JSON.parse(proposalResponse[0].response.payload.toString());
res.event_status = 'VALID'
resolve(res);
}else{
var return_status = createErrorResponse("Transaction was not valid", 500);
return_status.tx_id = transaction_id_string
reject(return_status)
return
}
It takes nearby 2500ms to response as you can see the screenshot of postman below:
Correct me if I am wrong
I know it takes time because the orderer confirms the transaction and commits into the ledger. But don't you think we should proceed only if the orderer agrees to transaction and commits into the ledger. If yes, then it will take 2.5 seconds to response (network is running on docker in local machine & sdk on same machine) which is a performance issue.
What happen if data is written into the chaincode and after that orderers deny to write the transaction into the ledger?
Any help would be appreciated
the orderer confirms the transaction and commits into the ledger.
The task for the Ordering service (As the name suggests) is only to order the received endorsed transactions chronologically by channel and then deliver them to all the peers in the channel. Orderers don't actually commit the transactions into the ledger.
The Committer Peers do. And committing is a time-taking process since all the peers validate all the transactions within the block to ensure endorsement policy is fulfilled and to ensure that there have been no changes to ledger state for read set variables since the read set was generated by the transaction execution. Transactions in the block are tagged as being valid or invalid. Then Each peer appends the block to the channel’s chain, and for each valid transaction the write sets are committed to current state database. An event is emitted, to notify the client application that the transaction (invocation) has been immutably appended to the chain, as well as notification of whether the transaction was validated or invalidated.
So after knowing all these details in the Transaction Flow, It should be noted that the client application shouldn't wait for the response received by the orderer. Instead it should just request the orderer to deliver the endorsed transactions and the application should be subscribed to the events emitted by the peers so that it should know or be notified that the transactions are actually immutably committed in the channel's chain.
You can have further help regarding event subscription in the Fabric Node SDK docs.
What happen if data is written into the chaincode and after that
orderers deny to write the transaction into the ledger?
This is simply impossible as data is appended to the chain only when the transaction is validated through proper endorsements from the endorser peers (specified by the endorsement policy) and then finally delivered to the committer peers to append the new values in the chain and update the world state. Data is only written in the chain after it passes all the validations and hence an orderer can never deny for the changes made in the data.
I found another reason for this delay.
The batchtimeout variable in configtx.yaml is set to 2 seconds. So it will do its processing and then wait for 2 seconds and then cut a block. So for write operation it takes approximately 2.5 seconds.
I'm really tired with this issue.
Please and Please explain how I can solve this problem to me if you know. I'm begging
I'm working on "Fabcar" sample which has 1 peer / 1 orderer / 1 ca server in the fabric-samples folder.
I wanted to add 2 more peers to the network and join them to the channel(which is called my channel)
So I've modified 3 files: crypto-config.yaml, docker-compose.yml, start.sh (in the basic-network folder) appropriately.
I'm also done producing crypto materials for the new 2 peers with the cryptogen tool.
But the thing is that when I executed "peer channel join -b myblock.block" in peer0.org1.example.com container in order to join those new peers to the channel, this error message is shown:
This error message
It says "JoinChain" request failed authorization check for channel [mychannel]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]]))
I've also tried that command both inside and outside peer0.org1.example with docker exec command, and did with sudo and nothing works well.
It seems that I need to initiate the transaction with the admin's cert, but I really have no idea how to make it and how to resolve this authorization issue.
Please anyone who knows how to deal with this issue explain this to me in detail.
I've suffered from this problem for a very long time. I'm really desperate.
I'd really appreciate if you tell me how. Looking forward to your response. Thank you.
The error message is the tell: [This identity is not an admin]. You need to be using the identity of the admin for a given peer/org in order to execute the peer channel join command.
The way that cryptogen creates the crypto material is to populate a directory tree of a specific structure. For the admin certificate, you need to be using this identity:
fabric-samples/basic-network/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
in order to be the admin for Org1. The script that creates the channel and joins the one peer in the default sample is done with the command here:
https://github.com/hyperledger/fabric-samples/blob/f05a132586ae9ca7ce86b9e56ae4bd3b084bc959/basic-network/start.sh#L26
This issue is due to the access level of the credentials you are using.
You need to be an admin to add a peer to a channel, so you have access to to the system chaincode cscc.
Another possible issue is that in the network configuration (usually the configtx.yaml file) there is some policy resticting your access to join the peer to the channel, if you'd like I can take a look in your configtx file and see if I can help.
As you are using the Fabcar example and it's called with Node SDK you can add the peer also using SDK.
Please try it:
Instantiate a Fabric Client object and enroll an admin user. You can do it in your script based in Fabcar's enrollAdmin.js, as I will explain
In Fabcar's enrollAdmin.js line 72 you can see this line:
console.log('Assigned the admin user to the fabric client ::' + admin_user.toString());
Start from here, inside the "then" that starts in line 71.
You have to enroll the identity as an admin usng the method
fabric_client.setAdminSigningIdentity(pk, cert, MSPID);
The pk parameter is the admin private key, cert is his certificate and the MSPID is the one you specified for his organization in the configtx.yaml file.
you can get the pk and cert using the file system module from Node addins the following:
let fs = require('fs');
let cert = fs.readFileSync(path.join(__dirname, 'PATH_TO_CERT/CERT_NAME.pem'))
let pk = fs.readFileSync(path.join(__dirname, 'PATH_TO_PK','PK_NAME'))
The usual path to the admin certificate is
/fabric-samples/basic-network/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/admincerts
And to the private key is:
/fabric-samples/basic-network/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore
Now you just added the admin identity to your clients's instance, if everything is ok you need to create a peer instance with your peer's address as the following example:
peer=fabric_client.newPeer(grpc://localhost:7051);
Don't forget to use the grpc protocol, and if tls is enabled you have to use grpcs.
Now create a channel instance of your channel using the channel id as parameter:
let channel_i=fabric_client.newChannel('mychannel')
Then create a request to the channel genesis (config) block:
let orderer = fabric_client.newOrderer(ORDERER_URL);//the urlalso with grpc protocol
let tx_id=fabric.client.newTransactionID(true); //true means it's an administrative request
let g_request={
txId: tx_id,
orderer : orderer
}
Finally, make the block request, then use it to join the channel:
channel_i.getGenesisBlock(g_request).then((block) =>{
tx_id = fabric.client.newTransactionID(true);
let j_request = {
targets : peer,
block : block,
txId : tx_id,
};
// send genesis block to the peer
return channel_i.joinChannel(j_request, 10000).then((results) =>{
if(results[0].response.status == 200) {
// join successful
console.log("Join successful!!!");
} else {
// not good
console.log("Error:: "+ results);
throw results;
}
})
For the admin identity error, copy that identity signedcert into Org MSP admincerts folder and then generate the channel tx file.
This issue could be occurred due to wrong config of CORE_PEER_MSPCONFIGPATH
Please check yaml file. The CORE_PEER_MSPCONFIGPATH should be
/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
The above org1 is for sample, you can check with your org name.