I’m just starting out with Hyperledger Fabric (at a really low level):
- I’m on Ubuntu 20.04.6 LTS
- I use: Docker Desktop (Docker compose v2.23.3-desktop.2) , Fabric 2.5.5 and Fabric CA 1.4.
Browsing tutorials online, I built a Fabric network of two organizations, org0 (with 03 orderers) and org1 (with 01 peer) :
-
The cryptographic hardware was deployed without a hitch, following the recommendations of : text
-
the content of my configtx.yaml file is :
Organizations:
- &org0
Name: org0
# ID to load the MSP definition as
ID: org0
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: orderers/org0/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org0.member')"
Writers:
Type: Signature
Rule: "OR('org0.member')"
Admins:
Type: Signature
Rule: "OR('org0.admin')"
- &org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: org1
# ID to load the MSP definition as
ID: org1
MSPDir: peers/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client')"
Writers:
Type: Signature
Rule: "OR('org1.admin', 'org1.client')"
Admins:
Type: Signature
Rule: "OR('org1.admin')"
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1.org0.com
Port: 7050
ClientTLSCert: orderers/org0/orderer1/tls/signcerts/cert.pem
ServerTLSCert: orderers/org0/orderer1/tls/signcerts/cert.pem
- Host: orderer2.org0.com
Port: 7050
ClientTLSCert: orderers/org0/orderer2/tls/signcerts/cert.pem
ServerTLSCert: orderers/org0/orderer2/tls/signcerts/cert.pem
- Host: orderer3.org0.com
Port: 7050
ClientTLSCert: orderers/org0/orderer3/tls/signcerts/cert.pem
ServerTLSCert: orderers/org0/orderer3/tls/signcerts/cert.pem
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
bchannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
Capabilities:
<<: *ApplicationCapabilities
genesis:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
Addresses:
- orderer1.org0.com:7050
- orderer2.org0.com:7050
- orderer3.org0.com:7050
Organizations:
- *org0
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *org0
Consortiums:
SampleConsortium:
Organizations:
- *org1
- The content of my docker-compose.yaml file is :
version: '2'
volumes:
orderer1.org0.com:
orderer2.org0.com:
orderer3.org0.com:
peer1.org1.com:
networks:
fabric:
services:
orderer1.org0.com:
hostname: orderer1.org0.com
image: hyperledger/fabric-orderer:2.5.5
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_LOCALMSPID=org0
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/keystore/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/signcerts/cert.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/cacerts/localhost-8054.pem]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/signcerts/cert.pem
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/keystore/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/cacerts/localhost-8054.pem]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./orderers/org0/orderer1/msp:/var/hyperledger/orderer/msp
- ./orderers/org0/orderer1/tls/:/var/hyperledger/orderer/tls
- orderer1.org0.com:/var/hyperledger/production/orderer
networks:
fabric:
aliases:
- orderer1.org0.com
orderer2.org0.com:
hostname: orderer2.org0.com
image: hyperledger/fabric-orderer:2.5.5
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=org0
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/keystore/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/signcerts/cert.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/cacerts/localhost-8054.pem]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/signcerts/cert.pem
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/keystore/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/cacerts/localhost-8054.pem]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./orderers/org0/orderer2/msp:/var/hyperledger/orderer/msp
- ./orderers/org0/orderer2/tls/:/var/hyperledger/orderer/tls
- orderer2.org0.com:/var/hyperledger/production/orderer
networks:
fabric:
aliases:
- orderer2.org0.com
orderer3.org0.com:
hostname: orderer3.org0.com
image: hyperledger/fabric-orderer:2.5.5
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=org0
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/keystore/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/signcerts/cert.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/cacerts/localhost-8054.pem]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/signcerts/cert.pem
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/keystore/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/cacerts/localhost-8054.pem]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./orderers/org0/orderer3/msp:/var/hyperledger/orderer/msp
- ./orderers/org0/orderer3/tls/:/var/hyperledger/orderer/tls
- orderer3.org0.com:/var/hyperledger/production/orderer
networks:
fabric:
aliases:
- orderer3.org0.com
peer1.org1.com:
container_name: peer1.org1.com
hostname: peer1.org1.com
image: hyperledger/fabric-peer:2.5.5
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=false
- CORE_PEER_GOSSIP_ORGLEADER=true
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/keystore/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/cacerts/localhost-8054.pem
# Allow more time for chaincode container to build on install.
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
- CORE_PEER_ID=peer1.org1.com
- CORE_PEER_ADDRESS=peer1.org1.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer1.org1.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.com:7051
- CORE_PEER_LOCALMSPID=org1
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
volumes:
- /var/run/:/host/var/run/
- ./peers/org1/peer1/msp:/etc/hyperledger/fabric/msp
- ./peers/org1/peer1/tls:/etc/hyperledger/fabric/tls
- peer1.org1.com:/var/hyperledger/production
networks:
fabric:
aliases:
- peer1.org1.com
cli:
container_name: cli
image: hyperledger/fabric-tools:2.5.5
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer1.org1.com:7051
- CORE_PEER_LOCALMSPID=org1
- CORE_PEER_TLS_ENABLED=true
# - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
# - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/msp/tlscacerts/server.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/peer1/msp/user/admin
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./peers/org1/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
- ./chaincode:/opt/gopath/src/github.com/hyperledger/fabric/peer/chaincode
- ./orderers/org0/orderer1:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org0/orderer1
networks:
fabric:
After my docker container and network had launched without a hitch, I created and joined a channel (ID: bchannel). Using the peer lifecucle chaincode a chaincode was packaged and installed on our counterpart.
but when we tried to approve our chaincode with the command :
peer lifecycle chaincode approveformyorg -o orderer1.org0.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/msp/tlscacerts/server.crt --peerAddresses peer1.org1.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/msp/tlscacerts/server.crt --channelID bchannel --name testcc --version 1 --init-required --sequence 1 --waitForEvent --package-id testcc_1:9b8e95e5c62b82ff621ad6cdb6f2f8999e769c6ac97cda78d39a63c5d3d715f0 --signature-policy "AND('org1.peer')"
we get the following error:
**2024-02-08 11:23:20.929 UTC 0001 INFO [chaincodeCmd] ClientWait -> txid [8e551a7f10fdcc0146982a19d0a7ce503f8508a0f0aadd47d4a71dfe11b1f6b6] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer1.org1.com:7051
Error: transaction invalidated with status (ENDORSEMENT_POLICY_FAILURE)**
We tried to look for solutions online, but either we didn’t understand them well (given our level), or they simply didn’t work in our case.
We really need help to correct this error – we’ve been at it for** 02 weeks **now.
Any help would be appreciated.
Looks your configtx.yaml is old or not have the endorsement stanza under org1. Use the latest configtx.yaml from fabric samples. its suppose to have below.
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"