WebRTC peer connections cannot be made through a peer acting as server - p2p

Friends,
I create a peer as a server, 'Peer S'. The first new peer, 'Peer A', joins the server 'Peer S' over a socket channel, and the peer connection is created successfully. Then a second peer, 'Peer B', joins the server just as 'Peer A' does, also successfully. Then I want to create a peer-to-peer connection between Peer A and Peer B through Peer S. The problem happens here.
The order is:
1. Peer A calls createOffer and setLocalDesc, then sends the offer to Peer S, and Peer S forwards the offer to Peer B.
2. After Peer B receives the offer, it calls setRemoteDesc, then sends 'Peer A can send candidates now'; Peer S forwards this message to Peer A.
3. Peer A sends 'Peer A candidates' to Peer S, which forwards them to Peer B; Peer B calls addIceCandidate.
4. After Peer A's candidates have all been sent, Peer B calls createAnswer and setLocalDesc, then Peer S forwards this answer to Peer A.
5. Peer A calls setRemoteDesc and sends 'Peer B can send candidates now', which Peer S forwards to Peer B.
6. Peer B sends 'Peer B candidates', Peer S forwards them to Peer A, and Peer A calls addIceCandidate.
This is the whole process, but after completing it, the dataChannel is not created between Peer A and Peer B. The ICE state of Peer A is 'new' or 'gathering', and so is Peer B's; the ICE state is never 'completed'.
Could anyone tell me what's wrong?
Thanks!
Rosone

Related

Can I use `peer channel fetch config` with only orderer nodes, no peer nodes?

I've brought up an etcdraft-based orderer cluster with 3 nodes, and no peer nodes are deployed for now. Now I want to modify the orderer cluster, for example by removing or adding members. The instructions I've found require first fetching the current config with the 'peer channel fetch config' command.
My question is how I can fetch the current system channel config with the 'peer channel fetch config' command before/without any peer up and running, or whether there is any other way to achieve this.
Fabric version: 1.4.4
You need to invoke it against an orderer since you also need to do this for the system channel, and peers don't have the system channel in them.
Use something like:
peer channel fetch config mychannel.block -c mychannel --orderer orderer.example.com:7050 --cafile ca.crt

How to define whether a peer is an endorsing peer or an anchor peer

I have a doubt about creating the peer: where do I configure whether a peer is an endorser or an anchor? Let's say, after defining a peer of any type, is it possible to update the peer type from endorser to anchor and vice versa?
Only peers with chaincode installed can act as endorsers. To make a node an endorser, install the chaincode; otherwise it'll be a simple verify node.
For anchor peers, you need to provide them in the channel definition.
Example:
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile tlsca.example.com-cert.pem
Fabric provides three types of peer: endorser, anchor and simple peer (verify).
Endorser peer: a peer on which chaincode is installed is called an endorser peer. This peer is used to execute the smart contract and return the result to the client application. The client app selects the result that is returned the same from most endorsers.
Anchor peer: this peer is used when a peer from one org needs to communicate with another org.
For example:
org1 needs to communicate with org2. Communication will now be done between the anchor peers of org1 and org2.
As you asked in the comment, a peer can act as an anchor or endorser peer at the same time. Example: you can find it in the byfn example, where peer0.org1.example.com is an anchor as well as an endorser.

Endorsement policy in Hyperledger Fabric

I am using Hyperledger Fabric version 1.2. I have created a channel with 1 orderer and 10 peer nodes, all belonging to the same organisation. I want to instantiate the chaincode with an endorsement policy such that all the peers of ORG1 are endorsing peers, not just 1. What is the valid expression for the same?
Currently using the following policy:
docker exec -e "CORE_PEER_ADDRESS=peer0.org1.example.com:7051" cli peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n chainname -v 1.0 -c '{"Args":[""]}' -P "AND('Org1MSP.member')"
Fabric documentation contains examples of including peers from different organisations.
This can be achieved while invoking the chaincode. You have to pass the peer addresses of all the peer nodes that you want to act as endorsing peers:
peer chaincode invoke -o orderer0.abc.com:7050 -C abcchannel -n fabcar --peerAddresses peer0.org1.example.com:7051 --peerAddresses peer1.org1.example.com:7051 -c '{"Args":["initLedger"]}'
Unfortunately, there is no valid command for that; you can follow two steps if you want to achieve this:
Write your own custom endorsement logic as a plugin. This method is a little cumbersome; you can follow this link if you want to do that: Pluggable endorsement and validation logic
Or, you can have an alternate solution by creating 10 Orgs with 1 peer each and define the endorsement policy through the command that you want as:
-P "OutOf(10, 'Org1.peer', 'Org2.peer', ...., 'Org10.peer')"
But having all the peers as endorsing peers is never a good idea: if a peer goes down, you will face serious problems, as no transaction will be committed.
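The policy expressions discussed in this thread, evaluated in a simplified model (an added example, not code from the thread or from Fabric). It parses AND/OR/OutOf text and checks it against a list of endorser identities, assuming that 'member' matches any role in the MSP and that each endorsement satisfies at most one principal; the endorser tuples are constructed sample data.

```python
import re

TOKEN = re.compile(r"(AND|OR|OutOf)\s*\(|'([^']+)'|(\d+)|(\))")

def parse(text):
    """Parse policy text into nested (n, [children]) tuples and principal strings."""
    toks = [m.groups() for m in TOKEN.finditer(text)]
    pos = 0
    def node():
        nonlocal pos
        op, principal, _, _ = toks[pos]
        pos += 1
        if principal:
            return principal
        n = None
        if op == "OutOf":                 # first argument is the threshold
            n = int(toks[pos][2])
            pos += 1
        kids = []
        while not toks[pos][3]:           # read children until the closing ')'
            kids.append(node())
        pos += 1
        if op == "AND":
            n = len(kids)                 # AND = all children
        elif op == "OR":
            n = 1                         # OR = any one child
        return (n, kids)
    return node()

def matches(identity, principal):
    """identity is (msp_id, role); assumption: 'member' matches every role."""
    msp, role = principal.rsplit(".", 1)
    return identity[0] == msp and role in ("member", identity[1])

def satisfied(policy, endorsers, used=None):
    """True if the endorsements meet the policy; each one is consumed once."""
    used = set() if used is None else used
    if isinstance(policy, str):
        for i, ident in enumerate(endorsers):
            if i not in used and matches(ident, policy):
                used.add(i)
                return True
        return False
    n, kids = policy
    ok = 0
    for kid in kids:
        trial = set(used)
        if satisfied(kid, endorsers, trial):
            ok += 1
            used |= trial
    return ok >= n

PAGE_POLICY = parse("AND('Org1MSP.member')")       # policy from the question
TEN_ORGS = parse("OutOf(10, " + ", ".join(f"'Org{i}.peer'" for i in range(1, 11)) + ")")
ALL_TEN = [(f"Org{i}", "peer") for i in range(1, 11)]   # constructed endorsers
```

In this model `satisfied(PAGE_POLICY, [("Org1MSP", "peer")])` is true with a single Org1 endorsement, while `satisfied(TEN_ORGS, ALL_TEN[:9])` is false as soon as one of the ten peers is missing.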

Hyperledger Fabric: Do we need to pass TLS cert/key files while joining channel?

I have a multi-org Fabric network up and running on different hosts.
The docker containers for the peers have TLS enabled. The build configuration of the peer:
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
While creating and joining the channel I followed byfn docs and did not supply the TLS cert/file of the peer while joining the channel. All the peers were able to join the channel.
However, when I tried to fetch the newest block using peer channel fetch newest -o orderer.example.com:7050 -c examplechannel, I got the error:
Serve failed to complete security handshake from "ip:43402": tls: first record does not look like a TLS handshake
Further, I referred to this doc on TLS and this doc on passing TLS certs of the peer with the above fetch command:
peer channel fetch newest -o orderer.example.com:7050 -c examplechannel --tls --certfile $CORE_PEER_TLS_CERT_FILE --keyfile $CORE_PEER_TLS_KEY_FILE --cafile $CORE_PEER_TLS_ROOTCERT_FILE
This gave a new error:
grpc: Server.Serve failed to complete security handshake from "ip:43496": remote error: tls: bad certificate
The Debugging TLS issues doc states that this happens when the server does not trust the client certificate. So in my case, I infer that the orderer is not trusting the certificate that the peer is passing.
So:
1. Does it mean that I was supposed to pass TLS_CERT, TLS_KEY and TLS_ROOT cert while proposing a channel join from this peer?
2. If #1 is true, can I pass these certificates without bringing down the network and rejoining the channel with certs?
3. While creating the channel, it uses orderer's ca-cert. Also, when submitting anchor peer transaction, it uses orderer's ca cert? So am I supposed to use Orderer's ca cert for peer fetch command as well?
4. If #3 is true, then in a production environment, do we need to build up the peer containers such that it contains orderer's ca-cert?
There are multiple concepts baked into your questions. It's important to understand that there is a difference between using the peer to run a peer node (peer node start) and using the peer as a CLI (e.g. peer channel fetch).
When the peer is running as a server, there's no need to pass in crypto material for the channels, as the peer actually extracts the required TLS certificate information from the config block passed in the peer channel join ... command.
When the peer is running in CLI mode, you do need to provide the TLS certificate information to connect to the various endpoints. When communicating with peers, this information is extracted from the peer config (either in core.yaml or from the corresponding CORE_ environment variables). When communicating with the orderer, there are specific command line flags for setting the TLS material.

How to connect to another computer's channel in hyperledger fabric

How do I join members on a channel configured on another computer?
On one computer, I joined the channel through the consortium definition and authentication process.
I do not know how to access channel B of computer B from the peer of computer A. I would be grateful if you could give me specific instructions on how to access the channel from another computer.
Computer A: Once you create the channel, you have the genesis block. You need the genesis block to join the channel.
Computer B: When you have the genesis block, you should execute the following commands:
peer channel join -b mychannel.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile tlsca.example.com-cert.pem
In the channel configuration you should define both peers.
