Reputation: 103
I am using Hyperledger Fabric v1.2. I am trying to instantiate chaincode on a single peer and I just have one org and an orderer org specified on my configtx.yaml for my network. I haven't made any changes to the ACL in my configtx.yaml so its what is set to by default.
When I run this command:
./peer chaincode instantiate -o orderer1.example.com:7050 -C devchannel -n jmo01 -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('SampleOrgMSP.member')" --cafile /etc/hyperledger/fabric/msp/peer1/msp/cacerts/cert.pem
It throws the following error in the peer:
Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg instantiation policy violation: signature set did not satisfy policy
Profiles in configtx.yaml:
Profiles:
# SampleDevModeKafka defines a configuration that differs from the
# SampleDevModeSolo one only in that it uses the Kafka-based orderer.
SampleOrgGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Organizations:
- <<: *SampleOrg
Policies:
<<: *SampleOrgPolicies
Admins:
Type: Signature
Rule: "OR('SampleOrgMSP.member')"
Consortiums:
SampleConsortium:
Organizations:
- <<: *SampleOrg
Policies:
<<: *SampleOrgPolicies
Admins:
Type: Signature
Rule: "OR('SampleOrgMSP.member')"
MyChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *SampleOrg
Organizations section at the top of configtx.yaml:
Organizations:
- &SampleOrdererOrg
Name: SampleOrdererOrg
ID: SampleOrdererOrgMSP
MSPDir: /etc/hyperledger/msp/orderer1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('SampleOrdererOrgMSP.member')"
Writers:
Type: Signature
Rule: "OR('SampleOrdererOrgMSP.member')"
Admins:
Type: Signature
Rule: "OR('SampleOrdererOrgMSP.admin')"
BlockValidation:
Type: Signature
Rule: "OR('SampleOrdererOrgMSP.member')"
- &SampleOrg
Name: SampleOrgMSP
ID: SampleOrgMSP
# MSPDir is the filesystem path which contains the MSP configuration.
MSPDir: /etc/hyperledger/org/msp
Policies: &SampleOrgPolicies
Readers:
Type: Signature
Rule: "OR('SampleOrgMSP.member')"
Writers:
Type: Signature
Rule: "OR('SampleOrgMSP.member')"
Admins:
Type: Signature
Rule: "OR('SampleOrgMSP.admin')"
AnchorPeers:
- Host: peer1.example.com
Port: 7051
- Host: peer2.example.com
Port: 7051
- Host: peer3.example.com
Port: 7051
I'm thinking it has something to do with how I'm making the instantiation command and maybe I don't have the policy correctly set. One of the policies is requiring a certain type of org user to complete the instantiation but I'm not sure which one it is where its member or admin and then what org msp should I be specifying.
Upvotes: 1
Views: 2022
Reputation: 12053
The instantiate request must be signed by an admin for the organization. From the config above, you'd need to sign with the private key corresponding to the admin public key in /etc/hyperledger/org/msp
(the MSPDir property of SampleOrg in your config above).
When running the peer
in CLI mode, you need to make sure you set two key properties. We'll use environment variables to make it easier:
CORE_PEER_LOCALMSPID - this MSP ID for your organization. In your case, looks like it would be SampleOrgMSP
.
CORE_PEER_MSPCONFIGPATH - this is the directory containing the identity which will be used to sign transactions. The directory will contain use the X509 MSP structure:
admincerts
cacerts
keystore
signcerts
Since you are acting as a client, keystore
and signcerts
are the most important. keystore
contains the private key and signcerts
contains the corresponding public key. The public key in signcerts
should match the public key in admincerts
in /etc/hyperledger/org/msp
(the MSP info for the org in the channel definition.
Upvotes: 4