I have deployed two org hyperledger network. Now I want to create a new business card for a new user for connection byfn-network-org1.
I executed
composer identity request -c PeerAdmin@byfn-network-org1-only -u admin -s adminpw -d rock
and then
composer card create -p connection-org1.json -u rock -n supply-chain -c rock/admin-pub.pem -k rock/admin-priv.pem
and then imported the card.
Now when I try to ping the network with it, it gives this error:
Error: Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity has not been registered: admin).
What should I do now to make this card access the network?
The correct way to create a new card for new users is to Create a Participant in the Business Network, and then Issue an Identity to that Participant.
You can create the Participant via the Playground, the REST server or via the CLI - here is an example from the CLI:
composer participant add -c admin@tutorial-network -d '{"$class":"org.acme.biznet.Trader","tradeId":"t12","firstName":"Charles","lastName":"Thomas"}'
You can Issue the Identity to that Participant again via the Playground, REST server or CLI - here is an example for the CLI:
composer identity issue -c admin@tutorial-network -f ct02.card -u charlie -a "resource:org.acme.biznet.Trader#t12"
On the machine where you want to use the card - Import the card. CLI example here:
composer card import -f ct02.card
Test the card:
composer network ping -c charlie@tutorial-network
I have run the network using the below command
composer-rest-server -c admin@mynetwork -n never -w true
In the network there are some other participants also, like
Participant1 has p1@mynetwork card
Participant2 has p2@mynetwork card
Now the problem is how to connect to another card while doing the transaction.
I want to do transaction1 with the p1 card and transaction2 with the p2 card.
How do I make that connection while doing the transaction?
I am calling the transaction from Node.js by calling
http://localhost:3000/api/transaction1
You can do it in 2 ways:
1st way:
You can create an account in GitHub OAuth to authenticate users for your Hyperledger REST server. What this does is give your REST server a wallet where a user uploads their card and then activates that card. Whatever transaction you then perform is carried out as the participant whose card that is.
Steps:
Export the variable COMPOSER_PROVIDERS with your GitHub clientID and clientSecret in your terminal.
export COMPOSER_PROVIDERS='{"github":{"provider":"github","module":"passport-github","clientID":"c1e68c173a1*******","clientSecret":"**************a2219abc380fa43ace7519","authPath":"/auth/github","callbackURL":"/auth/github/callback","successRedirect":"
","failureRedirect":"/"}}'
Install passport-github
npm install -g passport-github
Start composer-rest-server with multiple user mode enabled
composer-rest-server --card admin@mynetwork -n never -p 3000 -a true -m true
Finally authenticate your github account at url
localhost:3000/auth/github
2nd way: (Not Preferable But Easiest :) )
You can create composer rest server at different port using command
composer-rest-server -c p1@mynetwork -n never -w true -p 4000
Now whatever transaction you want to perform as participant1, perform it on port 4000.
I'm a newbie in the Hyperledger Fabric technology and I'm following this official tutorial to build my first network. I replaced example.com with the domain of my company. After generating certificates I ran the following command to bring up my network:
./byfn.sh up -c ttchannel
I get the following error during channel creation:
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
Then I verified from the peers' containers that the peers are already connected to this channel (I don't know why and when this connection got established). So I restarted the network and then got the following error:
Error: failed to create deliver client: failed to load config for OrdererClient: unable to load orderer.tls.rootcert.file: open /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/vodworks.com/orderers/orderer.vodworks.com/msp/tlscacerts/tlsca.vodworks.com-cert.pem: no such file or directory
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
And then I verified in the CLI container that the crypto directory wasn't accessible, so I had to restart that container to make it accessible, but I was still unable to run it.
Can anyone please suggest what these errors mean and how I can run my network?
Where exactly did you change "example.com"? I'm pretty sure the setup script also creates all the crypto material based on the configtx.yaml file, which has "example.com" as domain everywhere. The docker-compose files then map the created folders as volumes into the container (see docker-compose-base.yml):
../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
So the docker-compose file also expects the certs to be in these folders. From your description I would expect that you missed changing the domain at some point.
The reason for this error was that the network was not going down properly. All the peers were already connected to the channel, as I verified by running the command peer channel list inside the container of each peer, which resulted in the following output:
Channels peers has joined:
ttchannel
In this situation, the command peer channel create ... was actually throwing this error. So, I'm able to run the network successfully with the following command:
./byfn.sh restart -c ttchannel -s couchdb -t 60 -d 10
This first brings the network down and then starts it again.
I am trying to create a new identity with this command: composer identity issue -c admin@siemens-network -f administrator1.card -u Administrator1 -a "resource:org.siemens.Administrator#001"
But I get the following output:
Issue identity and create Network Card for: Administrator1
✖ Issuing identity. This may take a few seconds...
Error: fabric-ca request register failed with errors [[{"code":20,"message":"Authorization failure"}]]
Command failed
I already restarted the fabric but it still doesn't work
Please check that the admin@siemens-network card exists
composer card list
If you do not have this card, access the folder containing the createPeerAdminCard.sh file and run
./createPeerAdminCard.sh
Hope it helps you.
I deleted all cards, restarted the network and reimported all cards. Now it's working
I am new to Hyperledger fabric.
I was able to use one tutorial to:
install prerequisites and hyperledger composer development tools
create a fabric network
install/deploy business network
create an angular front end
However, the fabric network that got created has only one organization and a peer. For my POC, I need three organizations with one peer each.
How can I add additional organizations and peers in existing fabric network?
Steps
A) Install prerequisites
(Run in dir - dev5@ubuntu:~$)
1) You can start by updating and upgrading the package manager
sudo apt-get update
sudo dpkg --configure -a
2 Install curl
sudo apt-get install curl
3 Check curl version
curl --version
4 Install Go Language
$ cd $HOME/
wget https://storage.googleapis.com/golang/go1.8.1.linux-amd64.tar.gz
$ tar -xvf go1.8.1.linux-amd64.tar.gz
$ mkdir $HOME/gopath
$ export GOPATH=$HOME/gopath
$ export GOROOT=$HOME/go
$ export PATH=$PATH:$GOROOT/bin
$ go version
5 Download the prerequisites file using the following command
curl -O https://hyperledger.github.io/composer/latest/prereqs-ubuntu.sh
6 Install libltdl-dev
apt-get install libltdl-dev
7 Open the prereqs-ubuntu.sh file for reference. Get the following commands from the file. Check if they match. If not, then use the one in the file.
8 This command is at string "Array of supported versions". Run it
declare -a versions=('trusty' 'xenial' 'yakkety' 'bionic');
9 Update the CODENAME var that is used in future
if [ -z "$1" ]; then
source /etc/lsb-release || \
(echo "Error: Release information not found, run script passing Ubuntu version codename as a parameter"; exit 1)
CODENAME=${DISTRIB_CODENAME}
else
CODENAME=${1}
fi
10 Check if version is supported
if echo ${versions[@]} | grep -q -w ${CODENAME}; then
echo "Installing Hyperledger Composer prereqs for Ubuntu ${CODENAME}"
else
echo "Error: Ubuntu ${CODENAME} is not supported"
exit 1
fi
11 Update the package manager
sudo apt-get update
12 Install Git
sudo apt-get install -y git
13 Install nvm dependencies
sudo apt-get -y install build-essential libssl-dev
14 Execute nvm installation script
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh | bash
15 Set up nvm environment without restarting the shell
export NVM_DIR="${HOME}/.nvm"
[ -s "${NVM_DIR}/nvm.sh" ] && . "${NVM_DIR}/nvm.sh"
[ -s "${NVM_DIR}/bash_completion" ] && . "${NVM_DIR}/bash_completion"
16 Install node
nvm install --lts
17 Configure nvm to use version 6.9.5
nvm use --lts
nvm alias default 'lts/*'
18 Install the latest version of npm
npm install npm@latest -g
19 Add Docker repository key to APT keychain
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
20 Update where APT will search for Docker Packages
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu ${CODENAME} stable" | \
sudo tee /etc/apt/sources.list.d/docker.list
21 Update package lists
sudo apt-get update
22 Verifies APT is pulling from the correct Repository
sudo apt-cache policy docker-ce
23 Install Docker
sudo apt-get -y install docker-ce
24 Install docker compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.13.0/docker-compose-$(uname -s)-$(uname -m)" \
-o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
25 Install python v2 if required
set +e
COUNT="$(python -V 2>&1 | grep -c 2.)"
if [ ${COUNT} -ne 1 ]
then
sudo apt-get install -y python-minimal
fi
26 Install unzip, required to install hyperledger fabric.
sudo apt-get -y install unzip
27 Upgrade docker-compose as >= 1.18 is needed
sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
28 Clone the fabric-samples from the github
git clone https://github.com/mahoney1/fabric-samples.git
B Install hyperledger composer development tools
(Run in dir - dev5@ubuntu:~$ )
1 Install the CLI tools -
composer-cli: npm install -g composer-cli
composer-rest-server: npm install -g composer-rest-server
generator-hyperledger-composer: npm install -g generator-hyperledger-composer
Yeoman: npm install -g yo
2 Set up your IDE
https://code.visualstudio.com/download
Open VSCode, go to Extensions, then search for and install the Hyperledger Composer extension from the Marketplace.
C Run fabric network
(Run in dir - dev5@ubuntu:~$ fabric-samples)
1 Change directory to fabric-samples
cd fabric-samples
2 Download the platform binaries, including cryptogen using this command (three parameters needed for the bash command):
3 To work with current fabric level, run this command
git checkout multi-org
4 Check downloaded binaries. Change directory to bin
cd bin
ls
5 Change to first-network directory
cd ../
cd first-network
ls
6 Generate the required certificates and artifacts for your first network
./byfn.sh -m generate
7 Start the fabric
sudo ./byfn.sh -m up -s couchdb -a
On error - "Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?"
Check if docker is active
sudo systemctl is-active docker
If not active, then
sudo docker images
sudo usermod -aG docker $(whoami)
sudo usermod -a -G docker $USER
sudo docker --version
To start docker, run
sudo service docker restart
8 Start the fabric again
$ sudo ./byfn.sh -m up -s couchdb -a
9 If still the network fails to start, then restart the channel
sudo ./byfn.sh -m restart -c mychannel
D Run fabric network
Organization Org1 is represented by Alice
Organization Org2 is represented by Bob
1 Create a temporary working directory (and subdirectories) to manage the Composer connection profiles and key/certificate files
mkdir -p /tmp/composer/org1
mkdir -p /tmp/composer/org2
2 Create a base connection profile that describes this fabric network that can be given to
Alice and Bob
Go to /tmp/composer
cd /
cd tmp
cd composer
Open editor and copy paste the contents of byfn-network.json sheet in the editor and save it as byfn-network.json
nano
3 Open byfn-network.json and replace all instances of the text INSERT_ORG1_CA_CERT with the CA certificate for the peer nodes for Org1
[Run in dir - dev5@ubuntu:~$ fabric-samples/first-network]
3.1 Run the command and get the certificate from the generated .pem file so that it can be embedded into the above connection profile
3.11 Go to first network folder
cd /
cd home/dev5
cd fabric-samples/first-network
3.12 Execute the command to generate /tmp/composer/org1/ca-org1.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt > /tmp/composer/org1/ca-org1.txt
3.13 Open ca-org1
3.14 Copy the contents of the file /tmp/composer/org1/ca-org1.txt and replace the text INSERT_ORG1_CA_CERT in the .json file
4 In the same .json file - you need to replace all instances of the text INSERT_ORG2_CA_CERT with the CA certificate for the peer nodes for Org2
4.1 Run the command and get the certificate from the generated .pem file so that it can be embedded into the above connection profile
4.11 Execute the command to generate /tmp/composer/org1/ca-org2.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt > /tmp/composer/org2/ca-org2.txt
4.12 Open ca-org2
4.13 Copy the contents of the file /tmp/composer/org1/ca-org2.txt and replace the text
INSERT_ORG2_CA_CERT in the .json file
5 Replace all instances of the text
INSERT_ORDERER_CA_CERT with the CA certificate for the orderer node
5.1 Run the command and get the certificate from the generated .pem file so that it can be embedded into the above connection profile
5.11 Execute the command to generate /tmp/composer/org1/ca-orderer.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > /tmp/composer/ca-orderer.txt
5.12 Open ca-orderer.txt
5.13 Copy the contents of the file /tmp/composer/org1/ca-orderer.txt and replace the text INSERT_ORDERER_CA_CERT in the .json file
6 Save this file as /tmp/composer/byfn-network.json
This connection profile now describes the fabric network setup, all the peers, orderers and certificate authorities that are part of the network; it defines all the organizations that are participating in the network and also defines the channels on this network. Hyperledger Composer can only interact with a single channel so only one channel should be defined.
7 Customize the connection profile for Org1
In the connection profile /tmp/composer/byfn-network.json between the version property and just before the channel property, add this block that specifies the organization that alice belongs to, in a client section with optional timeouts. Save the connection profile file as a NEW file called byfn-network-org1.json in /tmp/composer/org1/
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},
8 Customize the connection profile for Org2
In the connection profile /tmp/composer/byfn-network.json between the version property and just before the channel property, add this block that specifies the organization that bob belongs to, in a client section with optional timeouts. Save the connection profile file as a NEW file called byfn-network-org2.json in /tmp/composer/org2/
"client": {
"organization": "Org2",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},
9 Copy the certificate and private key to /tmp/composer/org1 for Org1
export ORG1=crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
cp -p $ORG1/signcerts/A*.pem /tmp/composer/org1
cp -p $ORG1/keystore/*_sk /tmp/composer/org1
10 Copy the certificate and private key to /tmp/composer/org2 for Org2
export ORG2=crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
cp -p $ORG2/signcerts/A*.pem /tmp/composer/org2
cp -p $ORG2/keystore/*_sk /tmp/composer/org2
11 Creating business network cards for the administrator for Org1
composer card create -p /tmp/composer/org1/byfn-network-org1.json -u PeerAdmin -c /tmp/composer/org1/Admin@org1.example.com-cert.pem -k /tmp/composer/org1/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@byfn-network-org1.card
12 Creating business network cards for the administrator for Org2
composer card create -p /tmp/composer/org2/byfn-network-org2.json -u PeerAdmin -c /tmp/composer/org2/Admin@org2.example.com-cert.pem -k /tmp/composer/org2/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@byfn-network-org2.card
13 Import the business network cards for the administrator for Org1
composer card import -f PeerAdmin@byfn-network-org1.card --card PeerAdmin@byfn-network-org1
14 Import the business network cards for the administrator for Org2
composer card import -f PeerAdmin@byfn-network-org2.card --card PeerAdmin@byfn-network-org2
15 Create business network archive file for the desired business network
16 Install the business network onto the peer nodes for Org1
composer network install --card PeerAdmin@byfn-network-org1 --archiveFile trade-network.bna
17 Install the business network onto the peer nodes for Org2
composer network install --card PeerAdmin@byfn-network-org2 --archiveFile fta-fab-net.bna
18 Define the endorsement policy for the business network
Create an endorsement policy file using content of sheet endorsement-policy.json and save it in /tmp/composer/ with name endorsement-policy.json
The endorsement policy you have just created states that both Org1 and Org2 must endorse transactions in the business network before they can be committed to the blockchain. If Org1 or Org2 do not endorse transactions, or disagree on the result of a transaction, then the transaction will be rejected by the business network.
19 Retrieve business network administrator certificates for Org1
Run the composer identity request command to retrieve certificates for Alice to use as the business network administrator for Org1
composer identity request -c PeerAdmin@byfn-network-org1 -u admin -s adminpw -d alice
20 Retrieve business network administrator certificates for Org2
Run the composer identity request command to retrieve certificates for Bob to use as the business network administrator for Org2
composer identity request -c PeerAdmin@byfn-network-org2 -u admin -s adminpw -d bob
21 Start the business network
composer network start -c PeerAdmin@byfn-network-org1 -n fta-fab-net -V 0.1.14 -o endorsementPolicyFile=/tmp/composer/endorsement-policy.json -A alice -C alice/admin-pub.pem -A bob -C bob/admin-pub.pem
Note: the version number of the bna file should be used in this command
If the command fails, then check Docker, start the fabric n/w, install the bna file, and check if tmp/composer is present
Once the business network is started, both Alice and Bob will be able to access the business network, start to set up the business network, and onboard other participants from their respective organizations.
Alice and Bob must create new business network cards with the certificates that they created in the previous steps so that they can access the business network.
22 Creating a business network card to access the business network as Org1
Create a business n/w card
composer card create -p /tmp/composer/org1/byfn-network-org1.json -u alice -n fta-fab-net -c alice/admin-pub.pem -k alice/admin-priv.pem
Import the business network card
composer card import -f alice@fta-fab-net.card
Test the connection to the blockchain business network
composer network ping -c alice@fta-fab-net
23 Creating a business network card to access the business network as Org2
Create a business n/w card
composer card create -p /tmp/composer/org2/byfn-network-org2.json -u bob -n fta-fab-net -c bob/admin-pub.pem -k bob/admin-priv.pem
Import the business network card
composer card import -f bob@fta-fab-net.card
Test the connection to the blockchain business network
composer network ping -c bob@fta-fab-net
24 Start the RESTful API composer-rest-server
Answer the questions as given below:
Enter the name of the business network card to use: alice@fta-fab-net
Specify if you want namespaces in the generated REST API: never use namespaces
Specify if you want to use an API key to secure the REST API: No
Specify if you want to enable authentication for the REST API using Passport: No
Specify if you want to enable the explorer test interface: Yes
Specify a key if you want to enable dynamic logging: dts
Specify if you want to enable event publication over websockets: Yes
Specify if you want to enable TLS Security for the REST API: No
Open browser and go to URL
http://localhost:3000/explorer
This will open rest server
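Steps 3 to 5 of section D above paste each flattened certificate into byfn-network.json by hand. The following added example (not part of the original answer) scripts that substitution and refuses input that is not a certificate, since the private keys copied in steps 9 and 10 sit in the same directories. The function names are hypothetical; the placeholder names and the awk one-liner are the ones used in the answer.

```bash
#!/usr/bin/env bash
# Added example: fill the INSERT_*_CA_CERT placeholders of a Composer
# connection profile from PEM files. Function names are hypothetical.
set -eu

# Flatten a PEM file to one line with literal "\n" separators, the form
# the JSON profile expects (same transformation as the awk one-liner).
pem_to_json_string() {
    awk 'NF { sub(/\r/, ""); printf "%s\\n", $0 }' "$1"
}

# embed_cert PROFILE PLACEHOLDER PEMFILE
# Replaces every occurrence of PLACEHOLDER in PROFILE with the flattened
# certificate. Input that is not a certificate, or that carries a
# private key, is rejected so a key never lands in a shared profile.
embed_cert() {
    local profile="$1" placeholder="$2" pem="$3" tmp
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "error: $pem is not a PEM certificate" >&2; return 1; }
    if grep -q -- 'PRIVATE KEY-----' "$pem"; then
        echo "error: $pem contains a private key" >&2; return 1
    fi
    grep -qF -- "$placeholder" "$profile" || {
        echo "error: $placeholder not found in $profile" >&2; return 1; }
    tmp=$(mktemp "${profile}.XXXXXX")
    # The certificate travels via the environment: awk -v would expand
    # the "\n" sequences, and sub()/gsub() would treat "&" and "\" in
    # the replacement specially. index()/substr() does neither.
    CERT=$(pem_to_json_string "$pem") PH=$placeholder awk '
        { line = $0; out = ""
          while ((i = index(line, ENVIRON["PH"])) > 0) {
              out = out substr(line, 1, i - 1) ENVIRON["CERT"]
              line = substr(line, i + length(ENVIRON["PH"]))
          }
          print out line }' "$profile" > "$tmp"
    mv "$tmp" "$profile"
}

# Count placeholders still left in a profile (0 means none were missed).
remaining_placeholders() {
    local n
    n=$({ grep -o 'INSERT_[A-Z0-9_]*_CA_CERT' "$1" || true; } | wc -l)
    echo $((n))
}
```

Calling embed_cert once per placeholder (Org1, Org2, orderer) and then checking that remaining_placeholders prints 0 confirms no INSERT_ marker was missed before the profile is copied into the org1 and org2 directories.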
I have an issue with the deployment of business network (composer version 0.14.2):
I request an identity from the fabric-ca (enrolling as admin with password adminpw, same as the bootstrapping identity of the fabric-ca-server)
I receive a certificate and a private key back, I import that identity into the userID adminCC (matching the previous certificate and key to this userID) and I try to deploy a network with enrollmentID adminCC and businessnetworkadmin adminCC
I get an error saying that Error: Error trying deploy. Error: Error trying install composer runtime. Error: chaincode error (status: 500, message: Authorization for INSTALL has been denied (error-Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]))
Any help with this issue? Shouldn't the certificate requested from the fabric-ca be one with admin rights?
The error you have received is from the peer saying the identity you have used does not have admin rights so is not permitted to install the chaincode onto it.
The admin identity in your fabric-ca-server setup is just a bootstrap identity for the fabric-ca-server and as such has only issuer rights on the fabric-ca-server from which you obtained it and has no admin rights on any part of the fabric network.
If you were running on v0.13.2 or lower before, there was a breaking change when upgrading to v0.14.0 or v0.14.2. You can read about it more here. But the gist of it was that in all previous releases of Composer, all digital certificates with admin in the name (case insensitive) had "privileged access" to the business network - essentially it acted as if the access control rules were disabled. They replaced this with a more secure model. So you can change your permissions.acl file and add:
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
Then after you archive your BNA, in order to deploy properly use:
composer network deploy -p hlfv1 -a {ban_location/ban_name.bna} -i PeerAdmin -s randomString -A admin -S adminpw
After this you can use the old commands with admin and adminpw as before, like:
composer-rest-server -p hlfv1 -n my-network -i admin -s adminpw -N never