Following is my configtx.yaml
It is failing to generate the genesis block with following error
'Profiles[HealthwiseChannel].Application' has invalid keys: Oragnizations
2018-03-13 16:24:43.389 IST [common/tools/configtxgen] func1 -> CRIT 003 Error unmarshaling config into struct: 1 error(s) decoding:
'Profiles[HealthwiseChannel].Application' has invalid keys: Oragnizations
panic: Error unmarshaling config into struct: 1 error(s) decoding:
'Profiles[HealthwiseChannel].Application' has invalid keys: Oragnizations [recovered]
panic: Error unmarshaling config into struct: 1 error(s) decoding:
'Profiles[HealthwiseChannel].Application' has invalid keys: Oragnizations
yaml file:
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_1: true
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/healthwise.com/msp
AdminPrincipal: Role.ADMIN
- &insuranceOrg1
Name: insuranceOrg1
ID: insuranceOrg1MSP
MSPDir: crypto-config/peerOrganizations/insuranceOrg1.healthwise.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: peer0.insuranceOrg1.healthwise.com
Port: 7051
- &insuranceOrg2
Name: insuranceOrg2
ID: insuranceOrg2MSP
MSPDir: crypto-config/peerOrganizations/insuranceOrg2.healthwise.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: peer0.insuranceOrg2.healthwise.com
Port: 7051
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.healthwise.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
- *insuranceOrg1
- *insuranceOrg2
Capabilities:
<<: *OrdererCapabilities
Application: &ApplicationDefaults
Organizations:
- *insuranceOrg1
- *insuranceOrg2
Capabilities:
<<: *ApplicationCapabilities
Profiles:
HealthwiseOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *ApplicationCapabilities
Consortiums:
HealthwiseConsortium:
Organizations:
- <<: *OrdererOrg
- <<: *insuranceOrg1
- <<: *insuranceOrg2
HealthwiseChannel:
Capabilities:
<<: *ChannelCapabilities
Consortium: HealthwiseConsortium
Application:
<<: *ApplicationDefaults
Oragnizations:
- *OrdererOrg
- *insuranceOrg1
- *insuranceOrg2
Capabilities:
<<: *ApplicationCapabilities
Please help me figure out what is the mistake i am making.
Make sure you are running "configtxgen" in the same path where configtx.yaml is located
It can be a case of version mismatch. Make sure your version of binaries match the configuration files.
Related
Network configuration:
I have a Hyperledger Fabric network with 5 orgs and 6 channels. Each org has a single peer, and the orderer is part of one of the peer organizations (named PSU). All organizations are members of the channels "uam.psu.registration", "fuh.vertiport.operations", and "air.traffic.control". All channels except one (PSU) are members on the channel "fuh.financial.operations". All organizations except Fly-Us-Hospitality are part of the channel "vehicle.telemetry". Only PSU is part of the channel "secure.airspace".
Issue:
I successfully create all the channels and join the organizations to the corresponding channels without error. Then I try to update the anchor peers. For each org, for each channel it participates in, I run peer channel update -o localhost:7050 --ordererTLSHostnameOverrider orderer.psu.secure.airspace -c <channel_name> -f ./channel-artifacts/<channel_name>/<org>MSPanchors.tx --tls true --cafile $ORDERER_CA where $ORDERER_CA is set appropriately.
It doesn't show any error message on the terminal, but on logspout I see
peer0.boeing.secure.airspace.com|2020-09-15 19:58:10.384 UTC [gossip.comm] authenticateRemotePeer -> ERRO 001 Failed verifying signature from 172.29.0.2:59660 : implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied
peer0.boeing.secure.airspace.com|2020-09-15 19:58:10.384 UTC [gossip.comm] GossipStream -> ERRO 002 Authentication failed: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied
For each peer channel update... command mentioned above. Any one have any ideas why I'm seeing this?
Here is my configtx.yaml file:
Organizations:
- &PSU
Name: PSUMSP
SkipAsForeign: false
ID: PSUMSP
MSPDir: crypto-config/peerOrganizations/psu.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Writers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Admins:
Type: Signature
Rule: "OR('PSUMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('PSUMSP.member')"
OrdererEndpoints:
- orderer.psu.secure.airspace.com:7050
AnchorPeers:
- Host: peer0.psu.secure.airspace.com
Port: 7051
- &Boeing
Name: BoeingMSP
ID: BoeingMSP
MSPDir: crypto-config/peerOrganizations/boeing.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Writers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Admins:
Type: Signature
Rule: "OR('BoeingMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('BoeingMSP.member')"
AnchorPeers:
- Host: peer0.boeing.secure.airspace.com
Port: 8051
- &Uber
Name: UberMSP
ID: UberMSP
MSPDir: crypto-config/peerOrganizations/uber.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('UberMSP.member')"
Writers:
Type: Signature
Rule: "OR('UberMSP.member')"
Admins:
Type: Signature
Rule: "OR('UberMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('UberMSP.member')"
AnchorPeers:
- Host: peer0.uber.secure.airspace.com
Port: 9051
- &AirBus
Name: AirBusMSP
ID: AirBusMSP
MSPDir: crypto-config/peerOrganizations/airbus.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Writers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Admins:
Type: Signature
Rule: "OR('AirBusMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('AirBusMSP.member')"
AnchorPeers:
- Host: peer0.airbus.secure.airspace.com
Port: 10051
- &Fly-Us-Hospitality
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/msP
Policies:
Readers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Writers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Admins:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
AnchorPeers:
- Host: peer0.fly-us-hospitality.secure.airspace.com
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.psu.secure.airspace.com
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
- *PSU
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
RegistrationProfile:
Consortium:
GeneralChannel:
Consortium: GeneralConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
VehicleOperationsChannel:
Consortium: VehicleOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
Capabilities:
<<: *ApplicationCapabilities
FinancialOperationsChannel:
Consortium: FinancialOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
SecureAirspaceChannel:
Consortium: SecureAirspaceConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *PSU
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SecureAirspaceConsortium:
Organizations:
- *PSU
FinancialOperationsConsortium:
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
VehicleOperationsConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
GeneralConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
And my docker-compose.yaml file
version: "2"
#networks:
# network3.1:
services:
ca-psu:
container_name: ca.psu.secure.airspace.com
hostname: ca.psu.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.psu.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-boeing:
container_name: ca.boeing.secure.airspace.com
hostname: ca.boeing.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.boeing.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-uber:
container_name: ca.uber.secure.airspace.com
hostname: ca.uber.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.uber.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-airbus:
container_name: ca.airbus.secure.airspace.com
hostname: ca.airbus.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.airbus.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-fly-us-hospitality:
container_name: ca.fly-us-hospitality.secure.airspace.com
hostname: ca.fly-us-hospitality.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.fly-us-hospitality.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.psu.secure.airspace.com:
container_name: orderer.psu.secure.airspace.com
image: hyperledger/fabric-orderer:2.2
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=ERROR
- FABRIC_LOGGING_SPEC=ERROR
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.psu.secure.airspace.com:
container_name: peer0.psu.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=PSUMSP
- CORE_PEER_ID=peer0.psu.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.psu.secure.airspace.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.psu.secure.airspace.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.psu.secure.airspace.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.psu.secure.airspace.com:7051
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.boeing.secure.airspace.com:
container_name: peer0.boeing.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=BoeingMSP
- CORE_PEER_ID=peer0.boeing.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.boeing.secure.airspace.com:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.boeing.secure.airspace.com:8051
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.uber.secure.airspace.com:
container_name: peer0.uber.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=UberMSP
- CORE_PEER_ID=peer0.uber.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.uber.secure.airspace.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.uber.secure.airspace.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.uber.secure.airspace.com:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.uber.secure.airspace.com:9051
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.airbus.secure.airspace.com:
container_name: peer0.airbus.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=AirBusMSP
- CORE_PEER_ID=peer0.airbus.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.airbus.secure.airspace.com:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.airbus.secure.airspace.com:10051
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.fly-us-hospitality.secure.airspace.com:
container_name: peer0.fly-us-hospitality.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=Fly-Us-HospitalityMSP
- CORE_PEER_ID=peer0.fly-us-hospitality.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.fly-us-hospitality.secure.airspace.com:11051
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
Before executing each peer channel update .. command, I update the corresponding environment variables:
CORE_PEER_LOCALMSPID=MSP
CORE_PEER_TLS_ROOTCERT_FILE=/peerOrganizations/<org.domain>/peers/peer0.<org.domain>/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/peerOrganizations/<org.domain>/users/Admin#<org.domain>/msp
CORE_PEER_ADDRESS=localhost:
Note: I am not affiliated with any companies whose name I am using in this network.
Before executing the peer update command, please check below env variables.
# change Org1MSP to your org msp name
export CORE_PEER_LOCALMSPID="Org1MSP"
# here org name accordingly
export CORE_PEER_MSPCONFIGPATH=${PWD}/crypto-config/peerOrganizations/org1.com/users/Admin#org1.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/crypto-config/peerOrganizations/org1.com/peers/peer1.org1.com/tls/ca.crt
Above values are for reference only. You have to check that they are pointing to correct path.
I'm trying to enroll & register an admin to perform peer operations.
This is the bash code:
#!/bin/bash
user="$1"
pass="$2"
org="$3"
type="$4"
tlscerts="/chainset/hyperledger-config/crypto-config/ordererOrganizations/default.svc.cluster.local/msp/tlscacerts/ca-root-7054.pem"
fabric-ca-client enroll -u http://admin:adminpw#ca-root:7054
fabric-ca-client register --id.name ${user} --id.secret ${pass} --id.type ${type} --id.affiliation ${org} --id.attrs 'hf.Revoker=true,admin=true:ecert' -u http://ca-root:7054 --tls.certfiles ${tlscerts}
export FABRIC_CA_CLIENT_HOME=/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/
fabric-ca-client enroll -u http://${user}:${pass}#ca-root:7054 --id.affiliation ${org} --tls.certfiles ${tlscerts}
mv /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/signcerts/cert.pem /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/signcerts/${user}#${org}-cert.pem
mkdir /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/admincerts/
cp /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/signcerts/* /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}#${org}/msp/admincerts/
When I try to create a new channel I get this error:
Description: error validating channel creation transaction for new channel 'newchannelf', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
This is my configtx.yml configuration. I don't know if it is a problem with the policies in this configuration file or if I'm not registering & enrolling the user correctly.
Organizations:
- &orderer
Name: orderer
ID: orderer
MSPDir: crypto-config/ordererOrganizations/default.svc.cluster.local/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orderer.member')"
Writers:
Type: Signature
Rule: "OR('orderer.member')"
Admins:
Type: Signature
Rule: "OR('orderer.admin')"
- &org1
Name: org1
ID: org1
MSPDir: crypto-config/peerOrganizations/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Writers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Admins:
Type: Signature
Rule: "OR('org1.admin')"
AnchorPeers:
- Host: peer0-org1-service
Port: 7051
- &org2
Name: org2
ID: org2
MSPDir: crypto-config/peerOrganizations/org2/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Writers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Admins:
Type: Signature
Rule: "OR('org2.admin')"
AnchorPeers:
- Host: peer0-org2-service
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
Orderer: &OrdererCapabilities
V1_4_2: true
Application: &ApplicationCapabilities
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
- *orderer
- *org1
- *org2
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
- Host: orderer1-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
- Host: orderer2-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
Addresses:
- orderer0-service:7050
- orderer1-service:7050
- orderer2-service:7050
BatchTimeout: 1s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
- *orderer
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *orderer
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *orderer
Consortiums:
MAIN:
Organizations:
- *org1
- *org2
MainChannel:
<<: *ChannelDefaults
Consortium: MAIN
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
This is what is happening:
You created a system channel (which is the orderer genesis block) by creating the MAIN consortium. Now the system channel was created with the peer organization MSPs at that moment. Followed by this, after the network was up, you went into org1/users and created an admin identity. You update local MSP of peer but the already existing system channel was never updated.
Possible solutions:
Update the admin credentials within org1/users before the network is set up.
Update the system channel configuration with the admin2 credentials post deployment by creating a channel update transaction.
Enable NodeOUs so that any admin identity generated dynamically post the network deployment can perform admin related transactions.
Organizations:
- &OrdererOrg
Name: OrderingService
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/reliance-network.com/msp
- &RelianceCapital
Name: RelianceCapitalMSP
ID: RelianceCapitalMSP
MSPDir: crypto-config/peerOrganizations/reliancecapital.reliance-network.com/msp
AnchorPeers:
- Host: peer0.reliancecapital.reliance-network.com
Port: 7051
- &RelianceCommunications
Name: RelianceCommunicationsMSP
ID: RelianceCommunicationsMSP
MSPDir: crypto-config/peerOrganizations/reliancecommunications.reliance-network.com/msp
AnchorPeers:
- Host: peer0.reliancecommunications.reliance-network.com
Port: 9051
- &RelianceEntertainment
Name: RelianceEntertainmentMSP
ID: RelianceEntertainmentMSP
MSPDir: crypto-config/peerOrganizations/relianceentertainment.reliance-network.com/msp
AnchorPeers:
- Host: peer0.relianceentertainment.reliance-network.com
Port: 11051
- &RelianceInfrastructure
Name: RelianceInfrastructureMSP
ID: RelianceInfrastructureMSP
MSPDir: crypto-config/peerOrganizations/relianceinfrastructure.reliance-network.com/msp
AnchorPeers:
- Host: peer0.relianceinfrastructure.reliance-network.com
Port: 13051
- &ReliancePower
Name: ReliancePowerMSP
ID: ReliancePowerMSP
MSPDir: crypto-config/peerOrganizations/reliancepower.reliance-network.com/msp
AnchorPeers:
- Host: peer0.reliancepower.reliance-network.com
Port: 15051
#Capabilities
Capabilities:
Global: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
#Application
Application: &ApplicationDefaults
Organizations:
#Orderer
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.reliance-network.com:7050
BatchTimeout: 5s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 256 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
#Profiles
Profiles:
OrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
RelianceConsortium:
Organizations:
- *RelianceCapital
- *RelianceCommunications
- *RelianceEntertainment
- *RelianceInfrastructure
- *ReliancePower
RelianceOrgs:
Consortium: RelianceConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *RelianceCapital
- *RelianceCommunications
- *RelianceEntertainment
- *RelianceInfrastructure
- *ReliancePower
Capabilities:
<<: *ApplicationCapabilities
<!-- end snippet -->
I am trying to create a network with 5 orgs.
1)Able to successfully create the crypto-config files
2) Channel artifacts are created successfully
3) Channel transaction is created successfully
4) Anchor peer transactions are created successfully
5) Created channel successfully
6) peer 0 of the first org is able to join the channel
But when peer 1 of first is trying to join the channel, getting the below error. What can be the reason.
******Error: error getting endorser client for channel: endorser client failed to connect to peer1.reliancecapital.reliance-network.com:8051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 192.168.64.12:8051: connect: connection refused"******
I don't know if this is still relevant, but you seem to have a DNS resolution problem on your hands. If you're launching this setup via docker-composer, then you might want to modify your /etc/host to route requests for peer1.reliancecapital.reliance-network.com to your localhost.
You can also statically bind peer1.reliancecapital.reliance-network.com to your machine's IP via the extra_hosts option in your docker-compose file. Also make sure that all your peers are in the same docker network.
I keep getting an error when creating a hyperledger channel
2018-12-15 10:52:07.687 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
Please advise.
Funny thing though I only get this error when I specify -channelID when I'm creating the genesis block. But it always works whenever I omit it.
I'm using the below setting to generate the channel.tx and genesis.block, I've also added the crypto configuration file.
The configtx is:
Organizations:
- &Main
Name: Main
ID: MainMSP
MSPDir: crypto-config/ordererOrganizations/blackbeard.com/msp
- &Actual
Name: Actual
ID: ActualMSP
MSPDir: crypto-config/peerOrganizations/actual.blackbeard.com/msp
AnchorPeers:
- Host: peer0.actual.blackbeard.com
Port: 7051
Application: &ApplicationDefaults
Organizations:
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.blackbeard.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Profiles:
OneOrgGenesisBlock:
Orderer:
<<: *OrdererDefaults
Organizations:
- *Main
Consortiums:
SampleConsortium:
Organizations:
- *Actual
OneOrgChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Actual
And the crypto-config as below:
OrdererOrgs:
- Name: Main
Domain: blackbeard.com
Specs:
- Hostname: main
PeerOrgs:
- Name: Actual
Domain: actual.blackbeard.com
Template:
Count: 1
Users:
Count: 1
Possibly down the network with byfn.sh -m down and start it back up (Source :-Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied). If this isnt the case please provide more information :)
I am trying to run a multi peer blockchain network using Hyperledger Fabric. My network has three peers.
Here is the configtx.yaml file:
Profiles:
ComposerOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
ComposerConsortium:
Organizations:
- *ManufacturerOrg
- *CustomerOrg
- *RegulatorOrg
ComposerChannel:
Consortium: ComposerConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *ManufacturerOrg
- *CustomerOrg
- *RegulatorOrg
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/Orderer-org/msp
- &ManufacturerOrg
Name: ManufacturerOrg
ID: ManufacturerOrgMSP
MSPDir: crypto-config/peerOrganizations/Manufacturer-org/msp
# turn off security for the peer
#AdminPrincipal: Role.MEMBER
AnchorPeers:
- Host: manufacturer-peer
Port: 7051
- &CustomerOrg
Name: CustomerOrg
ID: CustomerOrgMSP
MSPDir: crypto-config/peerOrganizations/Customer-org/msp
# turn off security for the peer
AdminPrincipal: Role.MEMBER
AnchorPeers:
- Host: customer-peer
Port: 7051
- &RegulatorOrg
Name: RegulatorOrg
ID: RegulatorOrgMSP
MSPDir: crypto-config/peerOrganizations/Regulator-org/msp
# turn off security for the peer
AdminPrincipal: Role.MEMBER
AnchorPeers:
- Host: regulator-peer
Port: 7051
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
Organizations:
Application: &ApplicationDefaults
Organizations:
After building the network through docker-compose, the orderer container exits with the following error in its log file,
2018-07-23 05:02:12.544 UTC [orderer/commmon/multichannel] newLedgerResources -> CRIT 086 Error creating channelconfig bundle: initializing configtx manager failed: bad channel ID: channel ID 'ComposerChannel' contains illegal characters
panic: Error creating channelconfig bundle: initializing configtx manager failed: bad channel ID: channel ID 'ComposerChannel' contains illegal characters
It says channel ID 'ComposerChannel' contains illegal characters. Please help me understand what that means.
I'm pretty sure that there are no illegal characters in the configtx.yaml file while defining the channel
Channel ID can only contain lower-case alphanumeric characters and dashes.