Date   

Starting Orderer: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Orderer sub-group config #hyperledger-fabric #fabric-orderer

Marek Malik <info@...>
 

Hi all,
Could I please ask you guys for help?

When starting the orderer I'm getting the following error: 

2021-01-20 22:57:02.487 UTC [orderer.common.server] Main -> PANI 113 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

goroutine 1 [running]:
go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc0003b4000, 0x0, 0x0, 0x0)
/go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:230 +0x545
go.uber.org/zap.(*SugaredLogger).log(0xc000010168, 0x11aff04, 0x1025645, 0x25, 0xc00052b8e8, 0x1, 0x1, 0x0, 0x0, 0x0)
/go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0x100
go.uber.org/zap.(*SugaredLogger).Panicf(...)
/go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159
github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(...)
/go/src/github.com/hyperledger/fabric/common/flogging/zap.go:74
github.com/hyperledger/fabric/orderer/common/server.Main()
/go/src/github.com/hyperledger/fabric/orderer/common/server/main.go:118 +0x1c83
main.main()
/go/src/github.com/hyperledger/fabric/cmd/orderer/main.go:15 +0x20

Does anyone have any idea where this may be coming from? 

In the Orderer, the msp folder contains the config file with the cert (and admin OU). The Cert is the one that I got when enrolling the orderer user (registered with `--id.type orderer` flag). 
The orderer reads the file and locates the cert correctly (if I change the path to it fails).

This is the Profile part from the configtx.yaml file: 

################################################################################
Profiles:

amvoxChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Amvox
- *Org2
- *Org3
Capabilities:
<<: *ApplicationCapabilities

OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults

Organizations:
- *AmvoxDLT
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Amvox
- *Org2
- *Org3


Please, could someone help with the orderer?


Fabric Contributor Meeting - Wed, 01/20/2021 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Fabric Contributor Meeting

When:
Wednesday, 20 January 2021
9:00am to 10:00am
(GMT-05:00) America/New York

Where:
https://zoom.us/my/hyperledger.community.3?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09

Organizer:
enyeart@...

Description:
For meeting agendas, recordings, and more details, see https://wiki.hyperledger.org/display/fabric/Contributor+Meetings

Join Zoom Meeting
https://zoom.us/j/5184947650?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09
 
Meeting ID: 518 494 7650
Passcode: 475869


Fabric Contributor Meeting - January 20, 2021

David Enyeart
 

Hyperledger Fabric Contributor Meeting

When: Every other Wednesday 9am US Eastern, 14:00 UTC

Where: https://zoom.us/j/5184947650?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09

Agendas and Recordings: https://wiki.hyperledger.org/display/fabric/Contributor+Meetings

----------------------------------------------------------------------------------------------------

Agenda for January 20, 2021

- Operations Smart Contract - Tatsuya Sato
https://lists.hyperledger.org/g/fabric/message/9464
https://github.com/satota2/fabric-opssc



Private Chaincode Lab - Tue, 01/19/2021 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Private Chaincode Lab

When:
Tuesday, 19 January 2021
8:00am to 9:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/my/hyperledger.community.3?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09

Organizer:
bur@...

Description:
Two of the Hyperleger Labs projects (private data objects and private chain code) are collaborating to develop a "private smart contracts" capability.

Join Zoom Meeting https://zoom.us/j/5184947650?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09 Meeting ID: 518 494 7650 Passcode: 475869


Re: Channel Policy

Samyak Jain | TraceX
 

Very helpful, thanks

Sincerely yours,
Samyak Jain

From: Jason K Yellick <jyellick@...>
Sent: Tuesday, January 19, 2021 8:04:44 PM
To: Samyak Jain | TraceX <samyakj@...>
Cc: fabric@... <fabric@...>
Subject: RE: [Hyperledger Fabric] Channel Policy
 
To answer your question specifically, the /Channel/Application/Admins policy determines who must sign to add or remove an application organization on a channel.

More generally you may find https://hyperledger-fabric.readthedocs.io/en/release-2.2/policies/policies.html helpful.
 

----- Original message -----
From: samyakj@...
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Channel Policy
Date: Sat, Jan 16, 2021 8:46 AM
 

On Wed, Jan 22, 2020 at 07:57 PM, Jason Yellick wrote:

transactions

HI Jason,/? Which policy do I change to do the same thing for governing only subset of orgs in a consortium that can add another org to a channel?

 


Re: Power of Administrator organiization in channel #hyperledger-fabric #channel #consortium #administrator-organiization

Nikhil Gupta
 

No. If you are referring to the members of the system channel as the "consortium", being removed from the system channel does not remove you from channels that a peer or ordering organization has joined.


On Thu, Jan 14, 2021 at 2:10 PM <vishnurai1999@...> wrote:
If a organization is removed from consortium by the administrator organiization will it be removed from channel?


Re: Channel Policy

Nikhil Gupta
 

On Tue, Jan 19, 2021 at 9:35 AM Jason Yellick <jyellick@...> wrote:
To answer your question specifically, the /Channel/Application/Admins policy determines who must sign to add or remove an application organization on a channel.

More generally you may find https://hyperledger-fabric.readthedocs.io/en/release-2.2/policies/policies.html helpful.
 
----- Original message -----
From: samyakj@...
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Channel Policy
Date: Sat, Jan 16, 2021 8:46 AM
 

On Wed, Jan 22, 2020 at 07:57 PM, Jason Yellick wrote:

transactions

HI Jason,/? Which policy do I change to do the same thing for governing only subset of orgs in a consortium that can add another org to a channel?

 


Re: Channel Policy

Jason Yellick <jyellick@...>
 

To answer your question specifically, the /Channel/Application/Admins policy determines who must sign to add or remove an application organization on a channel.

More generally you may find https://hyperledger-fabric.readthedocs.io/en/release-2.2/policies/policies.html helpful.
 

----- Original message -----
From: samyakj@...
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Channel Policy
Date: Sat, Jan 16, 2021 8:46 AM
 

On Wed, Jan 22, 2020 at 07:57 PM, Jason Yellick wrote:

transactions

HI Jason,/? Which policy do I change to do the same thing for governing only subset of orgs in a consortium that can add another org to a channel?

 


Re: Deprecation of Docker Runtime in Kubernetes - No access to local docker socket #docker #hyperledger-fabric #fabric

chintanr97@...
 

Correct! With HLF v2.x external builders and chaincode as an external service, we can easily migrate to remove the dependency on usage of docker socket. That is definitely one of the ways!

Apart from this, I wanted a generic call from HLF maintainers on this topic - as it would be affecting all the HLF users to migrate from internal builders to chaincode as an external service. I consider that it might be simple, but it incurs cost in production stages and also multiple channels of communication if the setup is hosted on cloud compared to on-prem. 

I am not sure of the exact deadline we should be looking for from Kubernetes on this, but I think some sort of modification or highlight is required for sure - for everyone to be supported and migrated with ease.

Regards,
Chintan Rajvir


Re: Deprecation of Docker Runtime in Kubernetes - No access to local docker socket #docker #hyperledger-fabric #fabric

Alexandre Pauwels
 

Chintan,
HLF 2.x introduced external chaincode builders and chaincode as an external service. With minimal changes to your chaincode package, you can deploy your chaincode as a separate pod within a k8s cluster exposing a port that your peer is then instructed to communicate with for chaincode execution. No more need to build and run chaincode with a dind container. We just made the switch and it was fairly painless.

Alex


On Tue, Jan 19, 2021, 12:56 <chintanr97@...> wrote:
Hi Team,

With us marching slowly towards end-of-life for Docker as a runtime environment in Kubernetes, and containerd turning out to be default for latest Kubernetes version on most cloud providers, I am thinking about the process of "chaincode image building and container creation" using the HLF peer. 

For HLF v1.4.x and HLF v2.x with internal builders, the chaincode containers could no longer be simply created with the help of /var/run/docker.sock file - as the access to it will be denied with the new "containerd" runtime in Kubernetes. 

I wanted to learn about how are we planning in supporting chaincode instantiation through peer (both, in HLF v1.4 or in HLF v2), once the old versions of Kubernetes reach end-of-life and existing users will be looking to upgrade to these latest Kubernetes versions.

Regards,
Chintan Rajvir 


Deprecation of Docker Runtime in Kubernetes - No access to local docker socket #docker #hyperledger-fabric #fabric

chintanr97@...
 

Hi Team,

With us marching slowly towards end-of-life for Docker as a runtime environment in Kubernetes, and containerd turning out to be default for latest Kubernetes version on most cloud providers, I am thinking about the process of "chaincode image building and container creation" using the HLF peer. 

For HLF v1.4.x and HLF v2.x with internal builders, the chaincode containers could no longer be simply created with the help of /var/run/docker.sock file - as the access to it will be denied with the new "containerd" runtime in Kubernetes. 

I wanted to learn about how are we planning in supporting chaincode instantiation through peer (both, in HLF v1.4 or in HLF v2), once the old versions of Kubernetes reach end-of-life and existing users will be looking to upgrade to these latest Kubernetes versions.

Regards,
Chintan Rajvir 


Re: blockToLive for implicit collection #fabric

David Enyeart
 

That's right, implicit collections always use blockToLive=0, the private data is never purged. You would need to create an explicit collection per org if you'd like to set the property values such as blockToLive.


Dave Enyeart

"Kevin X" ---01/17/2021 10:51:14 PM---What is blockToLive fori implicit private data collection? Looking at the code, it appears to be 0,

From: "Kevin X" <kevinx8888@...>
To: fabric@...
Date: 01/17/2021 10:51 PM
Subject: [EXTERNAL] [Hyperledger Fabric] blockToLive for implicit collection #fabric
Sent by: fabric@...





What is blockToLive fori implicit private data collection? Looking at the code, it appears to be 0, i.e. never purged.

Can someone please confirm?




Re: statebased.NewStateEP(ep) does not preserve NOutOf? #fabric #fabric-chaincode

David Enyeart
 

That's right. But you don't have to use the provided implementation, you can simply use it as an example for how to set policies in your own implementation. Look at the provided policyFromMSPIDs() and you'll see how to write a NOutOf policy to meet your needs:
https://github.com/hyperledger/fabric-chaincode-go/blob/master/pkg/statebased/statebasedimpl.go#L103-L143


Dave Enyeart

"Yueming Xu" ---01/17/2021 02:02:18 PM---If you call statebased.NewStateEP(ep), the returned KeyEndorsementPolicy will make all identities re

From: "Yueming Xu" <yxucolo@...>
To: fabric@...
Date: 01/17/2021 02:02 PM
Subject: [EXTERNAL] [Hyperledger Fabric] statebased.NewStateEP(ep) does not preserve NOutOf? #fabric #fabric-chaincode
Sent by: fabric@...





If you call statebased.NewStateEP(ep), the returned KeyEndorsementPolicy will make all identities required to endorse. Even if the original EP requires only 2 outOf 3 orgs to endorse, the policy returned by NewStateEP() will make it 3 outOf 3. I guess that this interface is designed for policies that require all participants to endorse, and so you cannot use this `KeyEndorsementPolicy interface to define endorsement policies that require only m outOf n orgs. Is that right?




Re: how to reference fabric 2.2 in application go.mod? #fabric #fabric-chaincode

Matthew Sykes
 

As of v2 of Fabric, the packages we expect applications and chaincode to build and link against have been extracted to `hyperledger/fabric-chaincode-go` and `hyperledger/fabric-protos-go`. Fabric is not structured as a set of libraries and attempts to reuse packages from the fabric repository will inevitably lead to sadness.

With that being said, if you need to pull in bits of Fabric, use commit hashes in `go.mod` and make no assumptions about API stability.


On Sat, Jan 16, 2021 at 1:26 PM Yueming Xu <yxucolo@...> wrote:
when my GO chaincode has reference to fabric code, the go.mod would pick the following version reference:
github.com/hyperledger/fabric v2.1.1+incompatible

I cannot change the version to v2.2.1, because go module requires a v2/go.mod.  What would you have to do if the application code have reference to code in fabric v2.2 or later?

In my case, I am trying to call the `fabric/common/policydsl.FromString()` to parse an endorsement policy string, so it does not matter to compile it with an older version of fabric, but I am curious how it work work if v2.2 code is required.



--
Matthew Sykes
matthew.sykes@...


Re: Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization

Samyak Jain | TraceX
 

So are you simply saying that let's say if I use state-based endorsement policy which only requires the creator of the transaction and one governing member in the consortium to validate a transaction, practically it should perform well enough?


Re: Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization

Samyak Jain | TraceX
 

On Mon, Jan 18, 2021 at 05:48 AM, Yacov wrote:

Brett Logan

I would then like to ask that what is the recommended way of setting up a common channel to share data between N organizations? Or do we just have to compensate for it by using more compute power? What are the largest number of organizations in a channel that the community has witnessed in a production workload?


blockToLive for implicit collection #fabric

Kevin X
 

What is blockToLive fori implicit private data collection? Looking at the code, it appears to be 0, i.e. never purged.

Can someone please confirm?


Re: Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization

Yacov
 

Just because Fabric does exhaustive search, doesn't mean the problem is really NP hard.

If you have an endorsement policy that is satisfied by any k organizations out of n organizations, then determining if a given signature set satisfies it, is far from being NP hard.

Just make a bipartite graph where on the left side you have vertices that represent principals (n organizations) and on the right side you have vertices that represent identities of your endorsements (there have to be more than distinct k identities otherwise you abort instantly).

Now draw an edge between each identity (in an endorsement) on the right,  to all principals it satisfies (on the left).

Finally, run a graph matching algorithm to find the maximum matching. Since the graph is bipartite, there is a polynomial time algorithmthat solves this problem.

If the algorithm found a matching of size k, then you have k out of n organizations that are satisfied by distinct k signatures (corresponding to identities) in the endorsements of the transaction. Otherwise, it is impossible to satisfy the endorsement policy with the given endorsements.

Lastly, I also claim that you can greatly simplify the search space by doing clever pruning of the policy tree based on the endorsements you are given: If you have total n principals in the system and an endorsement contains up to m<n signatures/identities, then you can do something as follows:
build the endorsement policy tree, and then starting from the leaves, for each principal in a leaf check if there exists an identity in the endorsement set that satisfies it. If not, just prune that leaf from the tree.
Next, go up to the parent level of the policy tree, and prune inner vertices that cannot be satisfied anymore because they have less sub-trees than the NoutOf threshold.
You will notice that intimidating policies such as "n/2 out of n" now become a simple "n/2 out of n/2" policy which is a single principal combination!

What is the worst type of policy tree you can get which renders the pruning approach less effective? probably... an NoutOf(sqrt(n), n) with each sub-tree also being an NoutOf(sqrt(n), n) totalling in n signatures (all principals, I know, this is an inefficient way of saying "n out of n").
In this case, nothing will be pruned and in case of n=100 we are left with a huge combination space.
Why am I giving this example? Because I believe that the "hardness" of the endorsement policy satisfaction lies in the exponential blowup up of the policy language, and not in the evaluation of whether a signature set satisfies the endorsement policy.
In other words - although the syntax of the endorsement policy allows us to construct expressions that have exponential expansion, any reasonable endorsement policy can probably be efficiently checked for satisfaction by a signature set.




From:        "Brett T Logan" <brett.t.logan@...>
To:        samyakj@...
Cc:        fabric@...
Date:        01/17/2021 11:37 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization
Sent by:        fabric@...




I'll quote Senthil on this one, consider a channel, with a large...                                                                                                                                                                                      
This Message Is From an External Sender
This message came from outside your organization.




I'll quote Senthil on this one, consider a channel, with a large number of organizations, but only requiring 2 endorsements, the question was, does increasing the number of members decrease the performance:
 
Yes, it does. Though we need to collect only 2 endorsements out of 50 organizations, the matching of the signature set to the endorsement policy is an NP-hard problem. When the search space increases, the performance would go down.
Please refer to slide 22 here – http://www.bchainledger.com/2020/03/performance-analysis-of-hyperledger.html

 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
E-mail: brett.t.logan@...
 

 
 

----- Original message -----
From: samyakj@...
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization
Date: Sun, Jan 17, 2021 8:10 AM
 

Hi,

Is there an upper limit to how many organizations can be enrolled in the same channel in Hyperledger Fabric?

What are the best practices to keep in mind when designing a network for many stakeholders (fabric organizations) that need to share data with each other?

Thanks, Samyak Jain

 





Re: Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization

Brett T Logan <brett.t.logan@...>
 

I'll quote Senthil on this one, consider a channel, with a large number of organizations, but only requiring 2 endorsements, the question was, does increasing the number of members decrease the performance:
 

Yes, it does. Though we need to collect only 2 endorsements out of 50 organizations, the matching of the signature set to the endorsement policy is an NP-hard problem. When the search space increases, the performance would go down.

Please refer to slide 22 here – http://www.bchainledger.com/2020/03/performance-analysis-of-hyperledger.html

 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 

----- Original message -----
From: samyakj@...
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Max. Number of Organizations in a common channel #channel #fabric #hyperledger-fabric #network #administrator-organiization
Date: Sun, Jan 17, 2021 8:10 AM
 

Hi,

Is there an upper limit to how many organizations can be enrolled in the same channel in Hyperledger Fabric?

What are the best practices to keep in mind when designing a network for many stakeholders (fabric organizations) that need to share data with each other?

Thanks, Samyak Jain

 


statebased.NewStateEP(ep) does not preserve NOutOf? #fabric #fabric-chaincode

Yueming Xu
 

If you call statebased.NewStateEP(ep), the returned KeyEndorsementPolicy will make all identities required to endorse.  Even if the original EP requires only 2 outOf 3 orgs to endorse, the policy returned by NewStateEP() will make it 3 outOf 3.  I guess that this interface is designed for policies that require all participants to endorse, and so you cannot use this `KeyEndorsementPolicy interface to define endorsement policies that require only m outOf n orgs.  Is that right?

2121 - 2140 of 11574