Why peer chaincode instantiate execuate many times successfully - hyperledger-fabric

I could execute peer chaincode instantiate many times successfully, it should returns it exist, but no. why?
logs after instantiate command
logs the docker returns
steps:
from my github project chaincode-docker-devmode, I copy msp (peer and orderer use together) 、genesis.block、helloch.tx、docker-compose-with-couch.yaml and so on form other place,it should be ok. When I execute :
docker-compose -f docker-compose-with-couch.yaml up
peer、orderer、couchdb0、cli start and then cli execute script.sh
#script.sh content
peer channel create -c helloch -f helloch.tx -o orderer:7050
peer channel join -b helloch.block
then I simulate cli enviroment using terminal at chaincode-docker-devmode current path by following:
#cli simulation, $pwd is the chaincode-docker-devmode path
export CORE_VM_ENDPOINT=unix:///var/run/run/docker.sock
export CORE_LOGGING_LEVEL=DEBUG
export CORE_PEER_ID=cli
export CORE_PEER_ADDRESS=127.0.0.1:7051
export CORE_PEER_LOCALMSPID=DEFAULT
export CORE_PEER_MSPCONFIGPATH=$pwd/msp
bash
When I execute peer channel list It could shows I have join helloch
channel. Then I execute :
peer chaincode install -n hello -v 1.0 -l java -p chaincode/hsl-hsl-user-guide-examples-v14/mytest
peer chaincode instantiate -o 127.0.0.1:7050 -C helloch -n hello -v 1.0 -l java -c "{\"Args\":[\"init\",\"a\", \"100\", \"b\",\"100\"]}"
But I can instantiate many times and the log does not return error as same as above instantiate logs, actually it does not instantiate successfully, why?

Instantiate of the chaincode is essentially a transaction, therefore it has to be endorsed, ordered and committed to take effect. Now in your case peer cli instantiate command succeeds since the transaction proposal successfully endorsed and signed proposal submitted to the ordering service. While based on the following log output:
peer | 2017-09-05 01:09:23.650 UTC [ConnProducer] NewConnection -> ERRO 6da Failed connecting to 127.0.0.1:7050 , error: context deadline exceeded
peer | 2017-09-05 01:09:23.650 UTC [deliveryClient] connect -> ERRO 6db Failed obtaining connection: Could not connect to any of the endpoints: [127.0.0.1:7050]
Peer cannot get connected to the ordering service endpoint which in your case configured to be 127.0.0.1:7050, therefore eventually instantiate transaction is not committed. Therefore you do able to execute the instantiate command again, since no instantiate transaction record exists on the peer ledger from your previous attempt.
You need to change ordering service endpoint from 127.0.0.1:7050 to orderer:7050 and retry your experiment. This value configured inside configtx.yaml file, e.g.:
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer:7050

In my case, this was giving me trouble because I did not give the instantiation process enough time before calling an invoke/query transaction.
Try adding a sleep command between your instantiate and invoke/query transaction:
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n fabcar -l "$LANGUAGE" -v 1.0 -c '{"Args":[""]}' -P "OR ('Org1MSP.member','Org2MSP.member')"
# Sleeping to allow time for chaincode to instantiate on peers
sleep 30
peer chaincode invoke -o orderer.example.com:7050 -C mychannel -n fabcar -c '{"function":"initLedger","Args":[""]}'
This only applies in the case that you are running a "startup" script in a CLI container of some sort. In my case, I have script.sh which runs when I first bring the network up.

You can instantiate a chaincode with same name only once.

peer channel create -c helloch -f helloch.tx -o 127.0.0.1:7050
after above, you could see the helloch.block detail message by command
configtxgen --inspectBlock helloch.block
It shows
"OrdererAddresses": {
"Version": "0",
"ModPolicy": "/Channel/Orderer/Admins",
"Value": {
"addresses": [
"127.0.0.1:7050"
]
}
},
it seems that the connected orderer address which in helloch.block(channel configuration) comes from genesis.block (which generate from configtx.yaml )

Related

Hyperledger-composer unable to change BlockTimeout

I am working on prototyping a game using hyperledger-composer. I need to decrease the block time out however the instructions provided in the fabric-dev-servers do not work.
I followed the howtobuild.txt found in ~/fabric-dev-servers/fabric-scripts/hlfv12/composer however installing the network using composer network start --networkName .... the network fails to start with the error:
Error: Error trying to start business network. Error: Failed to connect to any peer event hubs. It is required that at least 1 event hub has been connected to receive the commit event
the versions i am uising are composer#20 and fabric docker images with the tag 1.2.1 (as downloaded by) ./startFabric.sh
The steps I have taken are exactly as follows:
cd ~/fabric-dev-servers/fabric-scripts/hlfv12/composer
nano configtx.yaml
inside this file I
Move the profile block to the bottom of the ymal (to stop the weird error)
change BatchTimeout to 200ms
changed MaxMessageCount to 1
after saving the file I do
rm -r crypto-config
cryptogen generate --config=./crypto-config.yaml
get the new key and update docker-composer.yml and docker-compose-dev.yml
$(ls -1 crypto-config/peerOrganizations/org1.example.com/ca/*_sk`
get key from keystore
ls -1 crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/*_sk
update peerAdminCard sell script with the new key
nano ../createPeerAdminCard.sh
Generate
configtxgen -profile ComposerChannel -outputCreateChannelTx ./composer-channel.tx -channelID composerchannel`
configtxgen -profile ComposerOrdererGenesis -outputBlock ./composer-genesis.block
create peer admin card
cd ../ && ./createPeerAdminCard.sh
At this point it starts downloading the fabric docker images, which all run successfully
I then create my BNA file and try to start the network
cd /my/buisness/network
composer archive create -t dir -n .
composer network install --card PeerAdmin#hlfv1 --archiveFile my-game#0.0.1.bna
composer network start --networkName my-game --networkVersion 0.0.1 --networkAdmin admin --networkAdminEnrollSecret adminpw --card PeerAdmin#hlfv1 --file networkadmin.card
which gives the error
Error: Error trying to start business network. Error: Failed to connect to any peer event hubs. It is required that at least 1 event hub has been connected to receive the commit event
The Debugging steps i have taken are as follows
After viewing the peer logs i can see delivering blocks to the orderer fails because composerchannel does not exist, so i manually try to create and join the channel manually
docker exec peer0.org1.example.com peer channel create -o orderer.example.com:7050 -c composerchannel -f /etc/hyperledger/configtx/composer-channel.tx
which is a success
2019-03-23 00:07:38.131 UTC [cli/common] readBlock -> INFO 05e Received block: 0
I then try to join the peer to the channel
docker exec peer0.org1.example.com peer channel join -o orderer.example.com:7050 -b composerchannel.block --tls --cafile /etc/hyperledger/msp/users/Admin#org1.example.com/tls/ca.crt --keyfile /etc/hyperledger/msp/users/Admin#org1.example.com/tls/client.key --certfile /etc/hyperledger/msp/users/Admin#org1.example.com/tls/client.crt
which gives the error
proposal failed (err: bad proposal response 500: access denied for [JoinChain][composerchannel]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]])
There are a lot of different 'Admin' Pems inside the /etc/hyperledger/msp and /etc/hyperledger/tls so I'm pretty much trying all combinations
I'm at a loss, I've been on google for hours trying to find anyone with the same issue but have come up short. Any help will be appreciated.
UPDATE
Turns out explicitly defining the certificates where not needed. running this command allowed me to join the channel.
docker exec peer0.org1.example.com peer channel join -o orderer.example.com:7050 -b composerchannel.block --clientauth --tls
at this point all the docker containers were running and the channel was working. i manage to be able to start the network and everything ran fine (i could request the chaincode, ledger was updating fine etc). However it still seems to take 2 seconds to process a transaction. Again i did some debugging to make sure the config on the order was correct.
fetch config block from channel on orderer
docker exec peer0.org1.example.com peer channel fetch config config_block.pb -o http_s_://orderer.example.com:7050 -c composerchannel --tls --cafile /etc/hyperledger/peer/msp/tlscacerts/tlsca.org1.example.com-cert.pem
copy out of container to local machine
docker cp 5eeaf8c650f8:/root/config_block.pb config_block.pb
convert from proto-buf to json (using configtxlator binary found in fabric-samples)
configtxlator docker exec peer0.org1.example.com proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
After getting the config of the channel i could see that the BatchTimeout was 200ms and BatchAmount was 1, yet i still have the 2 seconds timeout per transaction.
While working with Hyperledger composer now you have to keep in mind that it is obselete. I have followed these same steps many times in the past and built custom networks. I think your issue could be of version mismatch. Try downgrading composer to 0.19.
Additionally, did you try doing a docker ps to make sure that all the required containers are running?
Also, before doing the configtxgen command there's a simple command
export FABRIC_CFG_PATH=$PWD
Did you do this?

Error when invoking chaincode: signature set did not satisfy policy

I have a little network up in Hyperledger Fabric 1.4 which is very similar to the basic-network from the examples.
It has:
One orderer organization with orderer peer
One Hospital organization with two peers.
A single channel on which the peers of the hospital are.
I tried to write a very simple demo smart contract/chaincode and have it invoked.
(The smart contract is called bananascc)
Running from the docker container cli /bin/bash associated to a peer0.hospital1.health.com peer, I successfully install and instantiate:
peer chaincode install -n bananascc -v 1.0 -l node -p /opt/gopath/src/github.com/chaincode/chaincode_bananas/node
peer chaincode instantiate -o orderer.health.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/health.com/orderers/orderer.health.com/msp/tlscacerts/tlsca.health.com-cert.pem -C hospital1channel -n bananascc -l node -v 1.0 -c '{"Args":["init","edo","100"]}' -P "OR ('Hospital1MSP.admin', 'Hospital1MSP.peer' )"
With policy -P "OR ('Hospital1MSP.admin', 'Hospital1MSP.peer' )"
But when I try to invoke the chaincode, the transaction is sent successfully but the operation is not executed, as I get a
peer0.hospital1.health.com | 2019-03-06 10:36:44.525 UTC [vscc] Validate -> ERRO 07e VSCC error: stateBasedValidator.Validate failed, err validation of endorsement policy for chaincode bananascc in tx 6:0 failed: signature set did not satisfy policy
peer0.hospital1.health.com | 2019-03-06 10:36:44.525 UTC [committer.txvalidator] validateTx -> ERRO 07f VSCCValidateTx for transaction txId = d6726e0b2daf11d0e3ef24e86fa0e7a5530f2d98dcc4ad1f0d266ca642be1ee3 returned error: validation of endorsement policy for chaincode bananascc in tx 6:0 failed: signature set did not satisfy policy
I reckon that the transaction has to be evaluated against a valid signature set, but I can't understand where I can specify this, or why it should be wrong according to VSCC.
I'd be very happy if anyone could help me figure out. I have already broadly looked for an answer which I haven't found.
Let me know if you need other information on the issue.
Thank you very much.
The problem is probably caused by the order of instantiating the policies.
Can you simply swap the declaration to:
peer chaincode instantiate -o orderer.health.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/health.com/orderers/orderer.health.com/msp/tlscacerts/tlsca.health.com-cert.pem -C hospital1channel -n bananascc -l node -v 1.0 -c '{"Args":["init","edo","100"]}' -P "OR ('Hospital1MSP.peer','Hospital1MSP.admin')"
To avoid this pitfall, identities should be specified from most privileged to least privileged in the policy identities specification, and signatures should be ordered from least privileged to most privileged in the signature set.
Read here: https://hyperledger-fabric.readthedocs.io/en/release-1.4/policies.html
If there is only one organization, does not make sense the need of a policy (only used between organizations), so I removed and it worked!
My code line:
peer chaincode instantiate -o orderer.orgX.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -l ${LANGUAGE} -v 1.0 -c '{"Args":["init","a","100","b","200"]}' >&log.txt

Endorsement policy in Hyperledger Fabric

I am using Hyperledger Fabric version 1.2. I have created a channel with 1 orderer and 10 peer nodes, all belonging to the same organisation. I want to instantiate the chaincode with the endorsement policy such that all the peers of ORG1 are the endorsing peer, not just 1. What is the valid expression for the same?
Currently using the following policy:
docker exec -e "CORE_PEER_ADDRESS=peer0.org1.example.com:7051" cli peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n chainname -v 1.0 -c '{"Args":[""]}' -P "AND('Org1MSP.member')"
Fabric documentation contains examples of including peers from different organisations.
This can be achived while invoking the chaincode. You have to pass the peer addresses of all the peer nodes who you want to act as endorsing peers
peer chaincode invoke -o orderer0.abc.com:7050 -C abcchannel -n fabcar --peerAddresses peer0.org1.example.com:7051 --peerAddresses peer1.org1.example.com:7051 -c '{"Args":["initLedger"]}'
Unfortunately! there no valid command for that, you can follow two steps if you want to achieve this:
Write your own custom endorsement logic by a plugin. This method is little cumbersome and you can follow this link if you want to do that. Pluggable endorsement and validation logic
Or, you can have an alternate solution by creating 10 Orgs with 1 peer each and define the endorsement policy through the command that you want as:
-P "OutOf(10, 'Org1.peer', 'Org2.peer', ...., 'Org10.peer')"
But, having all the peers as an endorsing peer is never a good idea as if a peer goes down, you will have to face serious problems as no transaction will be committed

At the time of chaincode instansiate getting error Error: could not send: rpc error: code = Unavailable desc = transport is closing

Using Linux 16.04 and docker All the containers are running fine .Successfully installed the chaincode on core peer.
But At the time of chaincode instansiate
peer chaincode instantiate -o orderer.example.com:7050 -C $CHANNEL_NAME -n fabcar -l "golang" -v 1.0 -c '{"Args":[""]}' -P "OR ('Org1MSP.member','Org2MSP.member')"
Geeting error
`Error: could not send: rpc error: code = Unavailable desc = transport is closing`
Thanks in advance.
I was facing this issue because I enabled tls on the peer but not providing the tls and ca file to the orderer at the time of chaincode instantiate.
This may work:
Bring down the network
Disable TLS in below files by commenting environment variables listed below.
base/docker-compose-base.yaml
base/peer-base.yaml
docker-compose-cli.yaml:
docker-compose-e2e-template.yam
ENV:
CORE_PEER_TLS_ENABLED
CORE_PEER_TLS_CERT_FILE
CORE_PEER_TLS_KEY_FILE
CORE_PEER_TLS_ROOTCERT_FILE
Bring up the network
Another way is to pass TLS certificate as an argument to peer fetch channel command.

ENDORSEMENT_POLICY_FAILURE when chaincode is invoked using node.js SDK

Steps followed:
1. Started a Hyperledger Fabric network with 1 organization,1 Peer,1
couch db and 1 CA
2. Created channel
docker exec command -e"CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin#org1.example.com/msp" peer0.org1.example.com peer channel create -o orderer.example.com:7050 -c mychannel -f /etc/hyperledger/configtx/channel.tx
3. Joined peer to the channel using docker exec command
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin#org1.example.com/msp" peer0.org1.example.com peer channel join -b mychannel.block
4. Installed chaincode
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp" cli peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n fabcar -v 1.0 -c '{"Args":[""]}' -P "AND ('Org1MSP.member','Org2MSP.member')"
5. Started the client
6. Used node SDK to enroll and register a user
7. Ran invoke.js [from fabcar example] to initledger with 10 cars
8. The invoke query throws ENDORSEMENT_POLICY_FAILURE error.Please note that endorsement policy is set as "AND" Image
Your endorsement policy requires a peer from Org1 and a peer from Org2 to endorse the transaction. Given you are only running a single peer from Org1, there is no way to satisfy this endorsement policy.
Try setting the endorsement policy to
-P "AND ('Org1MSP.member')"
or adding a peer from Org2 to the channel and install the chaincode.

Resources