I am trying to set up a sample hyperledger fabric environment with an orderer and 2 peers. I am not using docker approach instead I am running the actual executable itself.
Orderer and 2 peer nodes started successfully. However, channel creation fails with the following error. Any help would be greatly appreciated.
Error on the orderer window
> 2017-08-17 07:28:22.338 IST [orderer/common/deliver] Handle -> WARN
> 029 Error reading from stream: rpc error: code = Canceled desc =
> context canceled 2017-08-17 07:31:08.044 IST [common/config/channel]
> CommitProposals -> WARN 02a Current configuration has no policy
> '/Channel/Application/Readers', this will likely cause problems in
> production systems 2017-08-17 07:31:08.050 IST [common/config/channel]
> CommitProposals -> WARN 02b Current configuration has no policy
> '/Channel/Application/Writers', this will likely cause problems in
> production systems 2017-08-17 07:31:08.050 IST [common/config/channel]
> CommitProposals -> WARN 02c Current configuration has no policy
> '/Channel/Application/Admins', this will likely cause problems in
> production systems 2017-08-17 07:31:08.051 IST [cauthdsl] func2 ->
> ERRO 02d Principal deserialization failure (The supplied identity is
> not valid, Verify() returned x509: certificate signed by unknown
> authority) for identity
> 0a07506565724f726712e7052d2d2d2d2d424547494e202d2d2d2d2d0a4d494943427a43434161326741774942416749514e303434797750356c6d6c3477613379723836355a6a414b42676771686b6a4f50515144416a426e4d5173770a435159445651514745774a56557a45544d4245474131554543424d4b5132467361575a76636d3570595445574d4251474131554542784d4e5532467549455a790a5957356a61584e6a627a45544d4245474131554543684d4b593246795a6d46344c6d4e76625445574d4251474131554541784d4e59324575593246795a6d46340a4c6d4e7662544165467730784e7a41344d5459784e7a41344e445261467730794e7a41344d5451784e7a41344e4452614d465578437a414a42674e56424159540a416c56544d524d77455159445651514945777044595778705a6d3979626d6c684d52597746415944565151484577315459573467526e4a68626d4e7063324e760a4d526b774677594456515144444242425a473170626b426a59584a6d59586775593239744d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30440a4151634451674145743046756e6d577635336b6366417846785953784c44565164324d336b6d586345714b556c77507a6a444a544b626c4265317931376b39380a4c64384f2f57374c777a71394b374f563957394a3765367962736b44324b4e4e4d45737744675944565230504151482f42415144416765414d417747413155640a457745422f7751434d4141774b7759445652306a42435177496f4167445a62512f58784241523253396670326b64587a78546a666c35685055724958376635460a664d446d6b4f7377436759494b6f5a497a6a304541774944534141775251496841507a303051514962515769727a467962357978736a3168384d6a316a37482b0a333971735171445438387a684169426a6776705a777675764947456b6a624a75697663574b3172476f36416b314430362f7445527a59383538513d3d0a2d2d2d2d2d454e44202d2d2d2d2d0a
> 2017-08-17 07:31:08.052 IST [orderer/common/broadcast] Handle -> WARN
> 02e [channel: testing] Rejecting broadcast of config message because
> of error: Error authorizing update: Error validating DeltaSet: Policy
> for [Groups] /Channel/Application not satisfied: Failed to reach
> implicit threshold of 1 sub-policies, required 1 remaining 2017-08-17
> 07:31:08.063 IST [orderer/common/deliver] Handle -> WARN 02f Error
> reading from stream: rpc error: code = Canceled desc = context
> canceled
Value of ORDERER_TLS
ORDERER_TLS="--tls true--cafile /opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/tls/ca.crt"
Error while creating the channel
node1@ubuntu:/opt/gopath/src/github.com/hyperledger/fabric/build/bin$ peer channel create $ORDERER_TLS -f /home/node1/Downloads/fabricDeployment-master/testing.tx -c testing -o node1.honda.com:7050 --logging-level DEBUG -v
2017-08-17 07:28:21.953 IST [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2017-08-17 07:28:21.953 IST [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2017-08-17 07:28:21.996 IST [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2017-08-17 07:28:22.014 IST [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP
2017-08-17 07:28:22.019 IST [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity
2017-08-17 07:28:22.019 IST [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP
2017-08-17 07:28:22.019 IST [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity
2017-08-17 07:28:22.019 IST [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AF3050A07506565724F726712E7052D...69636174696F6E2F41646D696E731801
2017-08-17 07:28:22.019 IST [msp/identity] Sign -> DEBU 009 Sign: digest: 63EBD4B3B350685B39A0C8E8E216EFCB3D4C3C82F74B6FA2638D2A7974EB1E74
2017-08-17 07:28:22.020 IST [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP
2017-08-17 07:28:22.020 IST [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity
2017-08-17 07:28:22.020 IST [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP
2017-08-17 07:28:22.020 IST [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
2017-08-17 07:28:22.020 IST [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AA6060A1108021A0608BEF0D3CC0522...1A843140B4B661FA8CBCB3170133AC2B
2017-08-17 07:28:22.020 IST [msp/identity] Sign -> DEBU 00f Sign: digest: EB039E58FB665150B556394FD464155BBB349CEBB591A578DE402789465EDA84
Error: Got unexpected status: BAD_REQUEST -- Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
Usage:
peer channel create [flags]
Flags:
-c, --channelID string In case of a newChain command, the channel ID to create.
-f, --file string Configuration transaction file generated by a tool such as configtxgen for submitting to orderer
-t, --timeout int Channel creation timeout (default 5)
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--test.coverprofile string Done (default "coverage.cov")
--tls Use TLS when communicating with the orderer endpoint
-v, --version Display current version of fabric peer server
Edit Start
Thank you for your reply Yacovm. I am still facing the same issue. In fact, I am using your github code to try this sample. The script was awesome and easy to understand
Let me quickly brief about the current set up I have.
Environment 3 nodes running - Ubuntu 16
> **Node1 Details** Hostname : node1 Domain name : honda.com User1 : node1 User2 : Admin
>
> **Node2 Details** Hostname : node2 Domain name : carfax.com User1 : node2 User2 : Admin
>
> **Node3 Details** Hostname : node3 Domain name : carfax.com User1 : node3 User2 : Admin
Step 1 : Downloaded the Fabric source in all 3 machines and ran “make” – Everything was successful
Source is present in the following path : /opt/gopath/src/github.com/hyperledger/fabric
Step 2 :
Downloaded fabricDeployment-master /home/node1/Downloads/fabricDeployment-master in node1 machine From node1 machine, I am running the following ( I am using the deploy.sh provided in github with slight changes )
[[ -z $GOPATH ]] && (echo "Environment variable GOPATH isn't set!"; exit 1)
FABRIC=$GOPATH/src/github.com/hyperledger/fabric
[[ -d "$FABRIC" ]] || (echo "Directory $FABRIC doesn't exist!"; exit 1)
for file in configtxgen peer cryptogen; do
[[ -f $file ]] && continue
binary=$FABRIC/build/bin/$file
[[ ! -f $binary ]] && ( cd $FABRIC ; make $file)
cp $binary $file && continue
done
for file in configtxgen peer cryptogen; do
[[ ! -f $file ]] && echo "$file isn't found, aborting!" && exit 1
done
. config.sh
bootPeer=$(echo ${peers} | awk '{print $1}')
anchorPeer=$(echo ${peers} | awk '{print $1}')
PROPAGATEPEERNUM=${PROPAGATEPEERNUM:-3}
i=0
for p in $orderer $peers ; do
echo "Making Directory structure for $p"
mkdir -p $p/sampleconfig/crypto
mkdir -p $p/sampleconfig/tls
ip=$(getIP $p)
echo "${p}'s ip address is ${ip}"
orgLeader=false
bootstrap=$anchorPeer:7051
if [[ $i -eq 1 ]];then
orgLeader=true
fi
(( i += 1 ))
echo "Creating core.yaml from core.yaml.template for $p"
cat core.yaml.template | sed "s/PROPAGATEPEERNUM/${PROPAGATEPEERNUM}/ ; s/PEERID/$p/ ; s/ADDRESS/$p/ ; s/ORGLEADER/$orgLeader/ ; s/BOOTSTRAP/$bootPeer:7051/ ; s/TLS_CERT/$p.carfax.com-cert.pem/" > $p/sampleconfig/core.yaml
done
echo "Creating configtx.yaml from configtx.yaml.template with ANCHOR_PEER_IP & ORDERER_IP"
cat configtx.yaml.template | sed "s/ANCHOR_PEER_IP/$anchorpeer/ ; s/ORDERER_IP/$orderer/" > configtx.yaml
echo "Creating crypto-config.yml from crypto-config.yml.template with ORDERER_IP and adding hostname node2 & node3"
cat crypto-config.yml.template | sed "s/ORDERER_IP/$orderer/" > crypto-config.yml
for p in $peers ; do
echo " - Hostname: $p" >> crypto-config.yml
done
cat << EOF >> crypto-config.yml
Users:
Count: 1
EOF
./cryptogen generate --config crypto-config.yml
./configtxgen -profile Genesis -outputBlock genesis.block -channelID system
./configtxgen -profile Channels -outputCreateChannelTx yacov.tx -channelID yacov
./configtxgen -profile Channels -outputAnchorPeersUpdate OrdererOrganchors.tx -channelID yacov -asOrg PeerOrg
mv genesis.block node1/sampleconfig/
cp orderer.yaml node1/sampleconfig/
cp -r crypto-config/ordererOrganizations/honda.com/orderers/node1.honda.com/msp/* node1/sampleconfig/crypto
cp -r crypto-config/ordererOrganizations/honda.com/orderers/node1.honda.com/tls/* node1/sampleconfig/tls
cp -r crypto-config/peerOrganizations/carfax.com/peers/node2.carfax.com/msp/* node2/sampleconfig/crypto
cp -r crypto-config/peerOrganizations/carfax.com/peers/node2.carfax.com/tls/* node2/sampleconfig/tls/
cp -r crypto-config/peerOrganizations/carfax.com/peers/node3.carfax.com/msp/* node3/sampleconfig/crypto
cp -r crypto-config/peerOrganizations/carfax.com/peers/node3.carfax.com/tls/* node3/sampleconfig/tls/
echo "Deploying configuration - Moving configurations to respective machines"
scp -r node1/sampleconfig/* node1@node1:/opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/
scp -r node2/sampleconfig/* node2@node2:/opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/
scp -r node3/sampleconfig/* node3@node3:/opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/
Step 3 :
Resulting crypto-config.yaml
OrdererOrgs:
- Name: Org0
Domain: honda.com
PeerOrgs:
- Name: Org1
Domain: carfax.com
- Hostname: node2
- Hostname: node3
Users:
Count: 1
Resulting crypto-config.yaml
Profiles:
Genesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *PeerOrg
Channels:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *PeerOrg
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererOrg
MSPDir: crypto-config/ordererOrganizations/honda.com/msp
AdminPrincipal: Role.ADMIN
- &PeerOrg
Name: PeerOrg
ID: PeerOrg
MSPDir: crypto-config/peerOrganizations/carfax.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: node2
Port: 7051
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- node1:7050
BatchTimeout: 1ms
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
MaxChannels: 0
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Application: &ApplicationDefault
s
Step 4 : Starting orderer from node1 as node1 user Starting peer1 from node2 as node2 user Starting peer2 from node3 as node3 user
Till here things work fine
Step 5 : Channel Creation
From node1 as node1 user, running the following commands
node1@ubuntu:~/Downloads/fabricDeployment-master$ pwd
/home/node1/Downloads/fabricDeployment-master
export FABRIC=$GOPATH/src/github.com/hyperledger/fabric
export ORDERER_TLS="--tls true --cafile `pwd`/crypto-config/ordererOrganizations/honda.com/orderers/node1.honda.com/tls/ca.crt"
export CORE_PEER_TLS_ROOTCERT_FILE=`pwd`/crypto-config/peerOrganizations/carfax.com/peers/node2.carfax.com/tls/ca.crt
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_MSPCONFIGPATH=`pwd`/crypto-config/peerOrganizations/carfax.com/users/Admin@carfax.com/msp
export CORE_PEER_LOCALMSPID=PeerOrg
/opt/gopath/src/github.com/hyperledger/fabric/build/bin/peer channel create $ORDERER_TLS -f yacov.tx -c yacov -o node1:7050
Contents of configtx.yaml
---
Profiles:
Genesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *PeerOrg
Channels:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *PeerOrg
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererOrg
MSPDir: crypto-config/ordererOrganizations/honda.com/msp
AdminPrincipal: Role.ADMIN
- &PeerOrg
Name: PeerOrg
ID: PeerOrg
MSPDir: crypto-config/peerOrganizations/carfax.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host:
Port: 7051
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- node1:7050
BatchTimeout: 1ms
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
MaxChannels: 0
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Application: &ApplicationDefaults
Organizations:
Output of command line statements when executing Genesis Block
2017-08-18 16:50:37.015 IST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2017-08-18 16:50:37.175 IST [common/tools/configtxgen] doOutputBlock -> INFO 002 Generating genesis block 2017-08-18 16:50:37.179 IST [common/tools/configtxgen] doOutputBlock -> INFO 003 Writing genesis block
Output of Genesis Block
<1.{��������G<&�����n��ix*s!�0
�0
�0
t
����"system*@d6a8b389f09cd34562dda9af564c11bd28fed0ae9c42070f11a56c678b19e704h�N�b����S���>%��_bٮ�/
�/�/�
Consortiums��
SampleConsortium��
PeerOrg��
MSP���
PeerOrg�-----BEGIN CERTIFICATE-----
MIICKzCCAdGgAwIBAgIQCxUbHYlT+2GRvjnArG6gZjAKBggqhkjOPQQDAjBnMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzETMBEGA1UEChMKY2FyZmF4LmNvbTEWMBQGA1UEAxMNY2EuY2FyZmF4
LmNvbTAeFw0xNzA4MTgxMTIwMzZaFw0yNzA4MTYxMTIwMzZaMGcxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRMwEQYDVQQKEwpjYXJmYXguY29tMRYwFAYDVQQDEw1jYS5jYXJmYXguY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUufxUYHLgvaxfm6AObKj60v4dIwd0/gT
Xd17VLEWlUpNR63se9yjzIbKzBw2rxje+9GalDDOaNJzFG+XXNz6wKNfMF0wDgYD
VR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAp
BgNVHQ4EIgQgEk7d6Qvvq5FBNjXfHh0Fa4MjzHXcsIKg0+B+vdZT6D8wCgYIKoZI
zj0EAwIDSAAwRQIhAI7atq+JHSmzBwZ034y6u54+uBPe+S9qyqrTVDQ9a6RoAiBG
n8WRFVKobSeMJR6igf78tAjWVuSdEhhBJV2rGKmD1Q==
-----END CERTIFICATE-----
"�-----BEGIN CERTIFICATE-----
MIICBzCCAa2gAwIBAgIQfWg0mgPDxGOBJpfWRqJ3tzAKBggqhkjOPQQDAjBnMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzETMBEGA1UEChMKY2FyZmF4LmNvbTEWMBQGA1UEAxMNY2EuY2FyZmF4
LmNvbTAeFw0xNzA4MTgxMTIwMzZaFw0yNzA4MTYxMTIwMzZaMFUxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRkwFwYDVQQDDBBBZG1pbkBjYXJmYXguY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAEWmAAX6Xj0/H7a5S6K5lA7u1pQLYZ/6iTTLn2E1JTWTd0jI5sh0zcL9qf
dkfIk/8G0u6rLUA8WDv0EZqvi8Mt8KNNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1Ud
EwEB/wQCMAAwKwYDVR0jBCQwIoAgEk7d6Qvvq5FBNjXfHh0Fa4MjzHXcsIKg0+B+
vdZT6D8wCgYIKoZIzj0EAwIDSAAwRQIhAI3IKnk6Rxw3s78GuTpwiVjObwR1ylOo
juILM99AMMFrAiAUx31MEvAZaw89QQ8KirZzl/JnCERoQ0kz8ov3jiFJzA==
-----END CERTIFICATE-----
B
SHA2SHA256J�-----BEGIN CERTIFICATE-----
MIICMDCCAdegAwIBAgIQbuC39Z6/ccEP3hMMe5cGSjAKBggqhkjOPQQDAjBqMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzETMBEGA1UEChMKY2FyZmF4LmNvbTEZMBcGA1UEAxMQdGxzY2EuY2Fy
ZmF4LmNvbTAeFw0xNzA4MTgxMTIwMzZaFw0yNzA4MTYxMTIwMzZaMGoxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
c2NvMRMwEQYDVQQKEwpjYXJmYXguY29tMRkwFwYDVQQDExB0bHNjYS5jYXJmYXgu
Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2oEQ9GicVdKYvI9pHj3iWb4P
rjT7VO8weBDbDe0/MfxwhDsXe5uReASpL2YcbUYb1nCc/n9z/qvq23LXzPusaKNf
MF0wDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUw
AwEB/zApBgNVHQ4EIgQg/o+D3yG/Yzjm3Ka2AcI8VU63RSvF8aHIvnD10/EQtZgw
CgYIKoZIzj0EAwIDRwAwRAIgXM/MWiZFfRQdAy1ybRHV8/A2IO8Xu6+aIKcSK5kF
mXgCIBFDIzDA0DjeO0O3F7dBEf3nbiSvCQgIBQQbjGKm15+D
-----END CERTIFICATE-----
Admins"1
Admins'
PeerOrgAdmins"0
Readers%
PeerOrgAdmins"0
Writers%
PeerOrgAdmins*Admins@
ChannelCreationPolicy'
Admins/Channel/Orderer/Admins*/Channel/Orderer/Admins"
AdminsAdmins*/Channel/Orderer/Admins�
Orderer��
OrdererOrg��
MSP���
OrdererOrg�-----BEGIN CERTIFICATE-----
MIICJzCCAc6gAwIBAgIRAIMBXTi8vzqOVhQiXB+ovQMwCgYIKoZIzj0EAwIwZTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xEjAQBgNVBAoTCWhvbmRhLmNvbTEVMBMGA1UEAxMMY2EuaG9uZGEu
Y29tMB4XDTE3MDgxODExMjAzNloXDTI3MDgxNjExMjAzNlowZTELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
EjAQBgNVBAoTCWhvbmRhLmNvbTEVMBMGA1UEAxMMY2EuaG9uZGEuY29tMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEm3VY12jlinzimYav4K39anZGIyd7DrygL7fV
b57S7tpvwTXWfGNt58tDBf584w1Bw7Yr6M3unJjWfNj7VaLwd6NfMF0wDgYDVR0P
AQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNV
HQ4EIgQgMfMrGCUNqJqCehc2xsAYVyWqVTV3jYDcnmkyBhtFSGcwCgYIKoZIzj0E
AwIDRwAwRAIgMrdpDfMnULyS2dMtjfdWGAXPxDj4URM0nelcSjOpmAoCIB24mFvn
C34fP8icL0QVIOf+mPin2jD4HgsDP58dDFtu
-----END CERTIFICATE-----
"�-----BEGIN CERTIFICATE-----
MIICBDCCAaqgAwIBAgIQOHnvuaxK4NLP1+Qb7OIm+DAKBggqhkjOPQQDAjBlMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzESMBAGA1UEChMJaG9uZGEuY29tMRUwEwYDVQQDEwxjYS5ob25kYS5j
b20wHhcNMTcwODE4MTEyMDM2WhcNMjcwODE2MTEyMDM2WjBUMQswCQYDVQQGEwJV
UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEY
MBYGA1UEAwwPQWRtaW5AaG9uZGEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEUe6whrR0aqrwMJ+kKZaAetMAYmBON4S9yu0VPaGDuaEmQufj6guOFP6eQ+6A
LPRa1LaDEWAO0sPg9xtSc2P0MaNNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB
/wQCMAAwKwYDVR0jBCQwIoAgMfMrGCUNqJqCehc2xsAYVyWqVTV3jYDcnmkyBhtF
SGcwCgYIKoZIzj0EAwIDSAAwRQIhAMS9lF1z1wyp90zW2rgrIz7m0iX/hCUyR15N
kSPTuzTQAiB6HWU0nabnzQHOcWwalz4WoCeIJRA6kjpQoP7yq7JmrQ==
-----END CERTIFICATE-----
B
SHA2SHA256J�-----BEGIN CERTIFICATE-----
MIICLjCCAdSgAwIBAgIRAP+2jzBK3BFU8vDd0QvneV4wCgYIKoZIzj0EAwIwaDEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xEjAQBgNVBAoTCWhvbmRhLmNvbTEYMBYGA1UEAxMPdGxzY2EuaG9u
ZGEuY29tMB4XDTE3MDgxODExMjAzNloXDTI3MDgxNjExMjAzNlowaDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xEjAQBgNVBAoTCWhvbmRhLmNvbTEYMBYGA1UEAxMPdGxzY2EuaG9uZGEuY29t
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3vaA4FhLDOMH7h39Ih2ivixOlg+n
OI7+mF0GQrG8f2qop4gSaZQwtVIj5MpzTBcKqaa0l0k8FDdlobDtJ94QVKNfMF0w
DgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB
/zApBgNVHQ4EIgQgxL6aI6nufoznFDDukcIWHhrAYIrNu7tNFYfHsoxgX0IwCgYI
KoZIzj0EAwIDSAAwRQIhAJ5fLjps0Fq0r0l0Vfi1/35TMYgo9/6rNRkjnCZ3xPEV
AiAVbQba7Pg9s8Ej6ok2zta1biohj5+k/flDM5KXM1NfOg==
-----END CERTIFICATE-----
Admins"4
Admins*
OrdererOrgAdmins"3
Readers(
OrdererOrgAdmins"3
Writers(
OrdererOrgAdmins*Admins!
ConsensusType
soloAdmins"
BatchSize
���1�� Admins
BatchTimeout
1msAdmins
ChannelRestrictionsAdmins"*
ockValidation
WritersAdmins""
aders
ReadersAdmins""
iters
WritersAdmins""
Admins
AdminsAdmins*Admins&
HashingAlgorithm
SHA256Admins-
BlockDataHashingStructure����Admins;
OrdererAddresses'
node1:7050/Channel/Orderer/Admins""
aders
ReadersAdmins""
iters
WritersAdmins""
Admins
AdminsAdmins*Admins
Error: Got unexpected status: BAD_REQUEST -- Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
This usually indicates that the signer of the channel creation transaction does not have admin rights for one of the consortium orgs, however, it may indicate a failure for a number of other reasons.
Unfortunately, the error must be somewhat cryptic, to avoid leaking information about consortium or channel membership. To get the underlying cause, you will need to check the orderer logs. If it is not already set, you will want to turn the log level up to debug in orderer.yaml or alternately by setting ORDERER_GENERAL_LOGLEVEL=debug before starting the orderer. In your orderer logs, you will see the same error text as output by the peer client, but in the preceding lines you will see additional causes for your error.
The most common reasons are:
- The identity is not in the list of admins for the org.
- The identity's certificate is not validly signed by the org CA chain.
- The identity's org is not known to the orderer.
Some other unlikely possibilities because you are using the peer binary and not custom code:
- The signature does not match the identity or signed bytes.
- The identity is malformed.
Assuming that the cause is not obvious from the orderer logs, if you post them here, I'd be happy to help diagnose them.
Oh, and as a helpful tip. You may see a more human readable version of your genesisblock by using configtxgen -inspectBlock <genesis.block>.
Edit: Looking back a the top of your post I see this output in the orderer log:
ERRO 02d Principal deserialization failure (The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority) for identity
This would indicate that the certificate claims to be issued by a CA, but is not signed by the CA the orderer knows about (error type 2 above). This would commonly happen if you bootstrapped the orderer, then regenerated the crypto material for your environment without removing the orderer's storage directory.
It's important to remember that the ORDERER_GENERAL_GENESISFILE is only read if the system is not already bootstrapped, so changing the genesis block for the orderer will have no affect unless the orderer storage is also deleted.
This has nothing to do with TLS, since the request has reached the orderer. Have it been a TLS issue - you wouln't have gotten the following error:
Error: Got unexpected status: BAD_REQUEST -- Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
Now, the error basically means that you tried to send a transaction for channel creation, but the transaction was signed by a user (a client certificate) that isn't a channel admin.
You need to prefix the command with something similar to this:
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
Below solution worked for me.
Go inside your peer docker container. Go to /etc/hyperledger/msp/users/Admin@org1.example.com/msp and run export CORE_PEER_MSPCONFIGPATH=$PWD
Run your peer channel create command again with appropriate flags.
in my case, it was some missing entries in the docker-compose file for orderer:
ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] was changed to ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt, /etc/hyperledger/crypto/peerORG1/tls/ca.crt, /etc/hyperledger/crypto/peerORG2/tls/ca.crt, /etc/hyperledger/crypto/peerORG3/tls/ca.crt] and then it worked.
so that's something you might want to check, especially if you have a customized setup.
In my case, the only thing that was missing was to define the CORE_PEER_MSPCONFIGPATH correctly.
Using fabric 1.1
Hope it will help others.
来源:https://stackoverflow.com/questions/45726536/peer-channel-creation-fails-in-hyperledger-fabric