I am looking at the fabric-samples.git. There is a folder called fabric-samples/basic-network. I have a few questions about it.
Here is a script called init.sh. What is it intended to do?
After using
./generate.sh ,
./start.sh
to provison a basic network, I am unable to use the CLI to query chaincode.
This is due to not having permissions. I expected that the peer would automatically have permissions to do this.
docker exec -it peer0.org1.example.com bash
root#b67973bdc00c:/opt/gopath/src/github.com/hyperledger/fabric# peer chaincode list --installed -C mychannel
Error: Error endorsing chaincode: rpc error: code = Unknown desc =
chaincode error (status: 500, message: Authorization for
GETINSTALLEDCHAINCODES on channel getinstalledchaincodes has been
denied with error Failed verifying that proposal's creator satisfies
local MSP principal during channelless check policy with policy
[Admins]: [This identity is not an admin])
I expected that root user of the container was an admin because of the contents of:
config/Org1MSPanchors.tx
What am I missing here?
When you query a peer using cli, you need to set certain environment variables first.
# Environment variables for PEER0
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
After that try querying the peer for chaincode list
Related
I'm trying to upgrade my Hyperledger Fabric network from v1.4.7 to v2.1. Upgrading peers and orderers is done smoothly and already instantiated chaincodes work well. (Channel capabilities still remaining v1.x.) However, when I try to upgrade the new version of my chaincode, it keeps failed.
In v1.4.7, I built a server to install/instantiate/upgrade a chaincode using Fabric SDK v1.4.x. However, I found that all APIs related to installing/instantiating/upgrading a chaincode had been removed from Fabric SDK v2.1. So, as the doc said, I tried to upgrade a chaincode using peer CLI.
First, I packaged my chaincode using peer lifecycle chaincode ... command. At this time, I set FABRIC_CFG_PATH to a core.yaml in fabric-samples folder (I don't understand why I do this for only packaging a chaincode, but anyway I did what the doc said). And I set CORE_PEER_MSPCONFIGPATH to my admin user msp folder.
After I got my chaincode package, I connect to my first peer, peer0.identity.bpl, using docker exec -it peer0.identity.bpl /bin/sh command. My docker container doesn't open the port outside in the production mode, so I need to connect the container inside.
Then, I typed the following command and I got the error message:
/artifacts # peer lifecycle chaincode install identity_cc_v1.2.0.tar.gz
Error: chaincode install failed with status: 500 - Failed to authorize invocation due to failed ACL check: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [BPLMSP]: The identity does not contain OU [ADMIN], MSP: [BPLMSP]]
So, I think I need some 'admin' identity, so I copied my admin msp folder to this peer. Then, I set CORE_PEER_MSPCONFIGPATH to this copied admin msp folder. Then I got:
/artifacts # export CORE_PEER_MSPCONFIGPATH=/artifacts/org-admin/msp
/artifacts # peer lifecycle chaincode install identity_cc_v1.2.0.tar.gz
2020-05-26 07:21:47.020 UTC [main] InitCmd -> ERRO 001 Cannot run peer because error when setting up MSP of type bccsp from directory /artifacts/org-admin/msp: administrators must be declared when no admin ou classification is set
Now, I thought that maybe the OU setting had some problem. So, I disabled OU setting from the config.yaml file. But, I got the same error message again.
So, I changed CORE_PEER_MSPCONFIGPATH setting to original setting again, but now it said this is not an admin identity.
/artifacts # export CORE_PEER_MSPCONFIGPATH=/artifacts/msp
/artifacts # peer lifecycle chaincode install identity_cc_v1.2.0.tar.gz
Error: chaincode install failed with status: 500 - Failed to authorize invocation due to failed ACL check: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]
I understand. This identity is just a peer identity, not an admin identity. So, I tried to enroll admin in this peer, but this fabric-peer docker image doesn't contain fabric-ca-client binary. So, I thought I did something wrong and this is not the intended way.
At this point, how can I install and instantiate the new version of my chaincode?
After I set OU config to admin msp that is copied to peer, every problem has been solved and installing/committing a chaincode works well.
I have a problem with BYFN in Hyperledger Fabric 1.4.3.
I ran byfn.sh generate and byfn.sh up without problems
I need to fetch a block. When I run this command:
peer channel fetch newest mychannel.block -c mychannel --orderer orderer.example.com:7050
from docker cli bash, I get the following error:
error receiving: rpc error code = unavailable desc = transport is closing
How to fix this?
I'm currently following hyperledger fabric document v1.4.6 to build first network(https://hyperledger-fabric.readthedocs.io/en/release-1.4/build_network.html#manually-generate-the-artifacts)
I first put the network down with ./byfn.sh down then tried creating the network.
However, when i go into docker cli and perform
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
this creates a error saying
InitCmd -> ERRO 001 Cannot run peer because cannot init crypto, folder "/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp" does not exist
So I tried again with network up (./byfn.sh up) now with the same procedure it creates different error saying
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'mychannel': error authorizing update: error validating ReadSet: proposed update requires that key [Group] /Channel/Application/Org1MSP be at version 0, but it is currently at version 1
at the same command
First, I'm not sure whether I should be having the network up or down and second how to fix the problem.
Thank you
If you want to perform the manual steps, you need to start from here (with any previous fabric networks down/removed) and follow all the steps in the order as listed on that page.
I first generate crypto materials using cryptogen and then start, for example, org1 CA server like so:
fabric-ca-server start --ca.certfile $(ls crypto-config/peerOrganizations/org1/ca/*.pem) --ca.keyfile $(ls crypto-config/peerOrganizations/org1/ca/*_sk) -d -b admin:adminpw --port 7054
From NodeJS SDK I can enroll admin and register (and enroll) new users. But when I try to access Fabric network with these new user credentials or even admin credentials, I get the below error on SDK console:
root#peer0:/var/hyperledger/api# ts-node src/invoke.ts
Wallet path: /var/hyperledger/api/wallet
2019-10-08T13:32:17.819Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G0:0 - endorsement failed - Error: 2 UNKNOWN: access denied: channel [private-channel] creator org [Org1MSP]
2019-10-08T13:32:17.826Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G0:0 - endorsement failed - Error: 2 UNKNOWN: access denied: channel [private-channel] creator org [Org1MSP]
2019-10-08T13:32:17.833Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G1:0 - endorsement failed - Error: 2 UNKNOWN: access denied: channel [private-channel] creator org [Org1MSP]
2019-10-08T13:32:17.841Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G1:0 - endorsement failed - Error: 2 UNKNOWN: access denied: channel [private-channel] creator org [Org1MSP]
Failed to submit transaction: Error: Endorsement has failed
peer log says:
MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority.
I'm using exactly the same credentials in peer CLI container and SDK. I can do all chaincode operations from CLI, but why peers don't accept connection from SDK?
Does FABRIC_CA_SERVER_CA_NAME has anything to do with it? Does cryptogen also create a FABRIC_CA_SERVER_CA_NAME for the CA server? If so, are peer credentials associated with the CA name? In NodeJS SDK, I tried caName=ca-org1 as well as caName=ca.org1, but still getting same error.
I ran into this (or something very simalar) and managed to resolve it. The issue for me was incorrect paths to my .pem and private key files in the fabric-ca-server start command.
If the paths are incorrect, when the CA container starts it will be unable to locate your files (generated by cryptogen) so will generate its own.
The enroll and register scripts generate identities based on your cryptogen material, which is correct, but they're not the certs your CA has decided to generate for you.
To check if this is what's happening, have a look at the CA logs:
docker logs <your ca container>
Near the top where the server starts up, look for messages referring to missing keys, or messages about generating files.
Hope that helps.
I am working on prototyping a game using hyperledger-composer. I need to decrease the block time out however the instructions provided in the fabric-dev-servers do not work.
I followed the howtobuild.txt found in ~/fabric-dev-servers/fabric-scripts/hlfv12/composer however installing the network using composer network start --networkName .... the network fails to start with the error:
Error: Error trying to start business network. Error: Failed to connect to any peer event hubs. It is required that at least 1 event hub has been connected to receive the commit event
the versions i am uising are composer#20 and fabric docker images with the tag 1.2.1 (as downloaded by) ./startFabric.sh
The steps I have taken are exactly as follows:
cd ~/fabric-dev-servers/fabric-scripts/hlfv12/composer
nano configtx.yaml
inside this file I
Move the profile block to the bottom of the ymal (to stop the weird error)
change BatchTimeout to 200ms
changed MaxMessageCount to 1
after saving the file I do
rm -r crypto-config
cryptogen generate --config=./crypto-config.yaml
get the new key and update docker-composer.yml and docker-compose-dev.yml
$(ls -1 crypto-config/peerOrganizations/org1.example.com/ca/*_sk`
get key from keystore
ls -1 crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/*_sk
update peerAdminCard sell script with the new key
nano ../createPeerAdminCard.sh
Generate
configtxgen -profile ComposerChannel -outputCreateChannelTx ./composer-channel.tx -channelID composerchannel`
configtxgen -profile ComposerOrdererGenesis -outputBlock ./composer-genesis.block
create peer admin card
cd ../ && ./createPeerAdminCard.sh
At this point it starts downloading the fabric docker images, which all run successfully
I then create my BNA file and try to start the network
cd /my/buisness/network
composer archive create -t dir -n .
composer network install --card PeerAdmin#hlfv1 --archiveFile my-game#0.0.1.bna
composer network start --networkName my-game --networkVersion 0.0.1 --networkAdmin admin --networkAdminEnrollSecret adminpw --card PeerAdmin#hlfv1 --file networkadmin.card
which gives the error
Error: Error trying to start business network. Error: Failed to connect to any peer event hubs. It is required that at least 1 event hub has been connected to receive the commit event
The Debugging steps i have taken are as follows
After viewing the peer logs i can see delivering blocks to the orderer fails because composerchannel does not exist, so i manually try to create and join the channel manually
docker exec peer0.org1.example.com peer channel create -o orderer.example.com:7050 -c composerchannel -f /etc/hyperledger/configtx/composer-channel.tx
which is a success
2019-03-23 00:07:38.131 UTC [cli/common] readBlock -> INFO 05e Received block: 0
I then try to join the peer to the channel
docker exec peer0.org1.example.com peer channel join -o orderer.example.com:7050 -b composerchannel.block --tls --cafile /etc/hyperledger/msp/users/Admin#org1.example.com/tls/ca.crt --keyfile /etc/hyperledger/msp/users/Admin#org1.example.com/tls/client.key --certfile /etc/hyperledger/msp/users/Admin#org1.example.com/tls/client.crt
which gives the error
proposal failed (err: bad proposal response 500: access denied for [JoinChain][composerchannel]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]])
There are a lot of different 'Admin' Pems inside the /etc/hyperledger/msp and /etc/hyperledger/tls so I'm pretty much trying all combinations
I'm at a loss, I've been on google for hours trying to find anyone with the same issue but have come up short. Any help will be appreciated.
UPDATE
Turns out explicitly defining the certificates where not needed. running this command allowed me to join the channel.
docker exec peer0.org1.example.com peer channel join -o orderer.example.com:7050 -b composerchannel.block --clientauth --tls
at this point all the docker containers were running and the channel was working. i manage to be able to start the network and everything ran fine (i could request the chaincode, ledger was updating fine etc). However it still seems to take 2 seconds to process a transaction. Again i did some debugging to make sure the config on the order was correct.
fetch config block from channel on orderer
docker exec peer0.org1.example.com peer channel fetch config config_block.pb -o http_s_://orderer.example.com:7050 -c composerchannel --tls --cafile /etc/hyperledger/peer/msp/tlscacerts/tlsca.org1.example.com-cert.pem
copy out of container to local machine
docker cp 5eeaf8c650f8:/root/config_block.pb config_block.pb
convert from proto-buf to json (using configtxlator binary found in fabric-samples)
configtxlator docker exec peer0.org1.example.com proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
After getting the config of the channel i could see that the BatchTimeout was 200ms and BatchAmount was 1, yet i still have the 2 seconds timeout per transaction.
While working with Hyperledger composer now you have to keep in mind that it is obselete. I have followed these same steps many times in the past and built custom networks. I think your issue could be of version mismatch. Try downgrading composer to 0.19.
Additionally, did you try doing a docker ps to make sure that all the required containers are running?
Also, before doing the configtxgen command there's a simple command
export FABRIC_CFG_PATH=$PWD
Did you do this?