Reputation: 984
Hyperledger fabric channel creation through node sdk
I am trying to create channel through hyperledger fabric node sdk but getting following errors.
Rejecting broadcast of config message from 172.25.0.1:34196 because of error: error validating channel creation transaction for new channel 'arun1', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
Here is my Nodes method
try {
console.log("api hit");
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const userExists = await wallet.exists('user2');
if (!userExists) {
console.log('An identity for the user "user2" does not exist in the wallet');
console.log('Run the registerUser.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccpPath, { wallet, identity: 'user2', discovery: { enabled: false, asLocalhost: true } });
var client = gateway.getClient()
// first read in the file, this gives us a binary config envelope
let envelope_bytes = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/channel-artifacts/channel1.tx'));
let adminKey = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/pem.key'));
let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.org1.example.com-cert.pem'));
client.setAdminSigningIdentity(adminKey.toString(),adminCert.toString(),"Org1MSP")
console.log(`admin key===== ${adminKey}`);
console.log(`admin cert===== ${adminCert}`);
// have the nodeSDK extract out the config update
var signatures = new Array();
var config_update = client.extractChannelConfig(envelope_bytes);
var configSignature=client.signChannelConfig(config_update)
signatures.push(configSignature);
// create an orderer object to represent the orderer of the network
var orderer=client.getOrderer("orderer.example.com")
let request = {
config: config_update, //the binary config
signatures: signatures, // the collected signatures
name: 'arun1', // the channel name
orderer: orderer, //the orderer from above
txId: client.newTransactionID(true) //the generated transaction id
};
console.log(`configupdate${config_update}`);
// this call will return a Promise
console.log("Transaction sent 2");
const result = await client.createChannel(request)
return {
status: 200,
data: {
data: JSON.parse(result.toString())
}
};
} catch (error) {
console.error(`Failed to evaluate transaction: ${error}`);
// process.exit(1);
return {
status: 400,
data: {
data: `${error}`
}
};
}
Here is my connection.json
{
"name": "first-network-org1",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"adminPrivateKey": {
"path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/pem.key"
},
"signedCert": {
"path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.org1.example.com-cert.pem"
},
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"tlsCACerts": {
"path": "crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
}
},
"peer1.org1.example.com": {
"url": "grpcs://localhost:8051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.example.com"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
}
}
Upvotes: 0
Views: 694
Answers (3)
Reputation: 984
I found the error my path to the admincert was wrong
let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.org1.example.com-cert.pem'));
Replaced the cacerts with admincerts
let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/admincerts/[email protected]'));
Upvotes: 1
Reputation: 4133
According to your error response, it is rejecting because you are not passing the admin creds while creating new channel.
Its a fabric channel writers policy, only admins can create channel
"adminPrivateKey": {
"path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/pem.key
are you sure pem.key ?
Upvotes: 0
Reputation: 5570
I think this may be a problem with the Fabric security, rather than with your code.
How is your Fabric setup, are you using an 'old' copy of configtx.yaml? I don't know when it changed, but in the configtx.yaml you now need to specify channel policies, so you will need a line such as <<: *ChannelDefaults under your profiles section in the file. So for example:
Profiles:
ThreeOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
constrade:
Organizations:
- *Org1
- *Org2
- *Org3
ThreeOrgsChannel:
Consortium: constrade
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
Capabilities:
<<: *ApplicationCapabilities
and you will obviously need the policies defined in the ChannelDefaults section of your file.
The latest first-network sample in fabric-samples has the correct file format.
Upvotes: 0
Related Questions
- Channel creation using node fabric sdk 2.2
- create a channel through node js in hyperledger fabric 2.0
- Error initializing the network channel from node sdk in hyperledger fabric
- When I try to create a channel using Hyperledger Fabric, the request fails
- Error in Channel Creation in Hyperledger Fabric using Node.js
- Channel creation fails in Hyperledger Fabric v1.2
- Hyperledger Fabric channel creation failure
- Channel creation fails in Hyperledger v1.2
- Hyperledger Channel Creation
- Hyperledger Fabric Channels